Monthly Archives: August 2017

ContinualProfessionalDevelopment

Continual Professional Development for Security

Category : Training Services

CPD – Continual Professional Development for Security is the process of tracking any skills, knowledge or experience that you gather as you work; both formally and informally. CPD can come from many forms including training courses, seminars, meetings or research to name a few. The security industry is one of the many industries that can really embrace CPD as there is a limited amount of required training in order to carry out most roles. As a result, alternative ways to develop as an individual and professional are required and CPD allows this to be recorded and credited as proof of development.

CPD for Security

The Institute of Security has developed a voluntary programme that is robust and easy to follow. PGS will assist in gaining the required points to fulfil the yearly target and ensure that Continual Professional Development is achieved. As you will see from the institute’s website; almost any activity has CPD points attached to it and with the scope of available activities, you will only benefit by expanding skills, knowledge and experience.

The benefits of Continual Professional Development are:Development of Securityofficer

  • Stay up to date with industry changes
  •  Have development recognised
  • Record & define competencies
  • Increase your employability
  • Stay motivated & driven to improve
  • Create a foundation to your career

What is Formal & Informal Learning

Formal Learning – these include events, seminars, conferences, course and qualifications and are normally concluded with a certificate or other evidence to document against Continual Professional Development.

Informal Learning – giving presentations, writing papers or articles, providing mentorship or carrying out research. These practices usually involve the supporting of others.

Getting Started

In order to get started please visit The Security Institute and read through the programme. Once you are happy to proceed; download the toolkit and begin the exciting time of building your CPD portfolio.

PGS Course for CPD

Phil Green Security is currently offering CPD course

CourseDuration Delivery TypeCPD Point ValueCost
(per attendee)
More Info
CPD136 – Security Officer Refresher12Hrs (2 Days)Classroom12 Credits£40.00
Larger groups are eligible for discounted rates
CPD 136
CPD124 – Auditing for Success10Hrs (1.5 Days)Classroom10 Credits£40.00
Larger groups are eligible for discounted rates
CPD 124

Benefits for Employers

There is no better time to invest in your staff than now and PGS is here to assist in getting to that next level. We are continually developing new ways to improve the security industry and as we are a service based sector this can only be done by improving staff knowledge and ability.

Need that little extra to make your tender stand out? Why not add the Continual Professional Development plan to this and show to your clients new and old that you are just as committed to your staff as you are to turning profits.

PGS offers a discount when group booking; this can equate to a set day rate when booking more than 8 attendees to a course.

Please contact PGS direct to discuss how we can work together and improve the security industry today.


Did you read our article about Review of August 2017?


ORLevel1

Defining Security Operational Requirements Level 1

Category : News

The most important aspect of protecting any site or asset is to define the operational requirements. Carrying out the operational requirements (OR) process will allow both clients and consultants to decide on the security measures that are both proportional to risk and required investment.

 

What is an Operational Requirement?

Operational Requirements fulfil the task of assessing, developing and justifying measures needed to protect assets against security threats. OR is a structured process to Outline & Assess security risks, identify risk Mitigation Options, Develop a strategic security plan (SSP) of how the needs of an organisation will be met and finally; assist in building a Business Case for investing in the over all development and delivery of the proposed plan.

The process of operational requirement planning is separated into two levels; Level 1 consists of the planning & assessment stage and should be carried out an organisations personnel or a dedicated security consultant during security auditing. Level 2 OR is used to translate the information from level 1 into a detailed plan of individual security measures and should be provided to project teams or an individual responsible for the delivery of the measures. A well-compiled level 2 Operational Requirements report can also be used for costing or tendering options.

  • It can be used to assess, justify and develop security measures against specific threats
  • The process is very intuitive and uses the standard risk assessment formula; meaning easier and faster completion
  • All assessments are able to be formatted to fall in line with current risk assessments; leading to closer integration with non-security departments.
  • Due to the nature of the process; updating and reviewing past assessments becomes a simple process leading to security evolving with dynamic threats

                                                                  Operational Requirements

Level 1 Operational Requirements Process

Level 1 is broken into five steps

StepObjectiveDetail
1Identify AssetsIdentify all assets that need to be protected. Time should be taken to prioritise the assets highlighting those that are critical.
2Identify Threats- Who is a threat?
- Why are they a threat?
- What is their target, goals and capabilities?
- Is your organisation vulnerable to the threat? and how?
3Assess the RisksWhich risks should be focused on?
What risks does the organisation face?
4Identify Risk Mitigation Options
(Develop Strategic Security Plan)
What options are available?
What are possible impacts from implementation?
What will the SSP cover?
What integration options are available?
5Review Implementation EffectsIs the organisations capable and/or ready for implementation of the SSP?

Step 1: Identify Assets

When identifying assets time should be taken to address each with a priority structure. Within any organisation, there will be critical and non-critical assets that will require protection. However; the levels of required protection should be defined to reflect the criticalness of the asset itself. This step in the OR process is important as it will formulate the argument for where most resources should be directed.

Step 2: Identify Threats

Acknowledging the threats posed to an organisation and how vulnerable the organisation is to these threats is the base line of any Level 1 OR. When identifying threats; you should also be looking to identify potential instigators, whether internal or external to the organisation’s structure. An example of each could be Internal – Disgruntled Employee & External – Protestor.

Sources of intelligence may provide you with information regarding instigators and can come in many forms, such as colleagues, police or intelligence services, members of the public or security contractors.

During the treat analysis, you can use three points to prove as a tool to ascertain capability and intent:

  1. Why are they targeting the organisation?
  2. Which assets are likely to be targeted?
  3. How would these targets be attacked?

Other aspects that need to be taken into consideration are things like i) National Threat Level, ii) Previous threats, iii) Previous incidents, iv) Changes in threat, v) Potential future threats.

Step 2 should be continuously reviewed even external to any OR procedure in order to maintain focus on dynamic threat environments.

Step 3: Assess the Risk

The basis of the risk assessment should be taken from the view point of a worse case scenario and should look at the successful attack or completion of any threat upon an individual asset.

Protection categories fall into four headings:

People – Staff, visitors, contractors, customers

Physical Assets – Buildings, Contents, Equipment, Materials

Information – Electronic, Paper or Both

Processes – Any aspect of operational process and/or service required to support the organisation

It is impossible to put these categories into a universal critical order as each organisation will have different demands; however, no matter the order; these areas should be continually reviewed as the organisation adapts and grows.

Step 4: Identify Risk Mitigation Options

Once the previous steps have been clarified; all that remains in the development of the level 1 OR is to matrix the information and evaluate different mitigation options for each asset + threat x risk combination.

During the mitigation planning; other factors will also need to be equated such as financial cost against benefit. It should always be a priority to remove a threat if possible, however much like a risk assessment in Health & Safety, reduction of the risk to an accepted level can often be more sound; especially economically.

So let us take a look at potential mitigation outcomes:

  • Remove the Threat – Most desirable but can be resource demanding
  • Reduce the Vulnerability – Often through operational and/or physical measures
  • Reduce the Impact – This outcome negates prevention of an attack and concentrates on putting plans and resources in place to recover from an attack if it were to happen

Upon setting out a base of options for each threat; scenario analysis should be carried out to explore the suitability of them. During the analysis, any options that fail to be viable should be dropped in favour for a core of robust and suitable options. The core mitigation options can then have basic costing analysis generated for each and the information is collated into a strategic security plan (SSP).

An SSP should include:

  • A breakdown of components involved in the mitigation option
  • How the option will be implemented
  • How the option will be audited and measured post implementation

Further information can also be included such as timescales, suggested measures during implementation and effects on non-essential assets.

Step 5: Review Implementation Effects

The final step is to analyse the effectiveness of the proposed SSP and define how it will both migrate into the organization’s current measure and also what possible impacts may be a result of the implementation.

Initially, the SSP should be used to reality check the feasibility of the chosen mitigation options and secondly; to check that the operational capabilities are in place to ensure a smooth implementation.

 

In a future article, we will look at the Operational Requirements matrix and explore how to put level 1 into action.


Did you read our article about Penetration Testing the Old Fashioned Way?


BombThreatPolicy

Bomb Threat Policy – When Was Yours Last Reviewed?

Category : News

BombThreatWhen talking about a bomb threat policy we need to be open-minded to the risks that clients may face. In today’s climate, it’s easy to develop a narrow view of the threats presented to businesses, especially when it comes to acts of terrorism.

It would be worth remembering that an act of terror is defined as ‘an action that is carried out with the intention to cause terror to another party’. With this in mind, potential threats can arise from more than just from religious groups, something that can be forgotten especially with daily media coverage. Other potential threats can develop from disgruntled former employees, competitors or even members of the public who have taken a negative view on the business activities.

In this article, we will break down some of the common misconceptions about bomb threats and help bring supporting policies up to date and more practical.

What is a Bomb Threat Policy for? (BTP)

This may seem like a simple question but for many people who have overlooked or not even read a bomb threat policy; this is an essential question to answer. When summarising the definition of a bomb threat policy we also need to remember that it is better in security to plan for something that never happens; rather than not planning and have something happen.

So a BTP is a document that should be included with site assignment instructions or as part of the larger Emergency Preparedness Plan (EPP). [We will cover EPP’s in a later article.] The purpose of the BTP is to outline the procedures that must take place when dealing with bomb threats either received in person or via any other communication system. In days gone by the BTP usually consisted of a single sheet of A4 with a very basic check list; this is both not enough nor adequate for the purpose.

 

What needs to be in a BTP?

When developing a BTP there needs to be a number of areas included that are not optional; such as Roles & Responsibilities, Evacuation Procedures, Action Plan Options, Device Safe Distances and also more importantly how the decision is made to reoccupy.

Optional areas that can be included are things such as a detailed breakdown of the current threat level; however, for this article; we will only be covering the essentials.

It is also at this time we would like to make something very clear; ALL evacuation points should differ between fire and bomb threat evacuations. If a client plans to evacuate staff to the same areas that would be used during a fire evacuation; this gives the potential terrorist the option to activate a fire alarm and have a device planted in the fire muster point(s). We are sure that upon reading this you can appreciate that this would give maximum casualties. Separate muster points must always be implemented for both fire and bomb threat evacuations.

 

Bomb Threat Policy Breakdown

In this section, we will break down the BTP very briefly and in order to maximise understanding; we will use the template that we have included with this article. (Template available at bottom of article)

SectionPurpose
Policy StatementTo introduce the document and outline when the BTP is to be used.
ResponsibilitiesGives a clear breakdown of who is responsible for each aspect of the procedures under the policy. This can be given by name or position. This section is normally only used to identify direct roles and responsibilities of individuals, not for group actions.
StaffThis section is similar to the above; however, deals with group roles within the procedures. i.e. The security teams role
Reporting ProcedureWho needs to be contacted and at what stage
Call RecordingOutline what information needs to be recording during the call and also different ways to discover further information whilst engaged in the call. (Appendix of template is designed to assist with this)
Search ProcedureFurther broken down into roles and responsibilities including what to do at key points such as the discovery of a device, contacting emergency services and high-risk areas to prioritise for searching.

The emergency services will expect on site staff to assist with the search as they will not know what is and is not suppose to be there, especially on an industrial site.
Evacuation PlanMust include what steps lead to an evacuation; including no action and partial evacuation. Also details on muster areas and safe distances for different size devices. This is also where details should be included on when to reoccupy the premises and who is to make this decision.
Call ChecklistNormally included as an appendix

Must Have Essentials

  • Clear roles set out with full training carried out regularly
  • Up to date reporting procedure included within the document
  • SEPARATE muster points for fire and bomb threat evacuations
  • Checklist for recording call details (a separate copy of this should be easily available)
  • Detailed and easily understood search procedures
  • Device stand off information for different size devices
  • Reoccupy procedure detailing who is responsible for the decision

Summary (a personal message)

Unlike many of my other articles, I am going to break with the normal ‘business’ context of writing and instead will talk straight as if I was talking to you in person. I know that many reading this article will be thinking things such as ‘it will never happen to me’ or ‘what is he on about? he isn’t MI5’… I will be honest I do not blame you as this subject is so far removed from the normality of life that it is easy to become some what ignorant to the risks that are out there. Recent events in the UK and further a field must show that this can happen to anyone… anywhere… and it is each of our responsibilities to prepare for anything that might happen no matter how small the chance.

I am going to be honest; the one thing that really breaks my heart is the fact that the people guilty the most of being ignorant to this level of threat is fellow security operatives who I see in the industry on a day to day basis. We can look back not only to recent events such as the Manchester Arena attack; but also even further to attacks carried out by the IRA. Sadly the days of only seeing suicide bombs and terror on the TV have past and now the threat is closer than ever to your doorstep.

To each and every one of you who have stayed with me this far; download the document, edit it to fit your needs and let’s get it implemented.

Click to Download

 

 

 

 

 

 

Further Reading

Disgruntled employee calls in a bomb hoax

Video to Watch

Manchester 1996 IRA


Did you read our article about Defining Security Operational Requirements Level 1?


Penetration Test

Penetration Testing the Old Fashioned Way

Category : Audit Solutions , News

Penetration Testing is a vital step to take in order to ensure that a clients security measures are meeting even the basic of requirements. PGS offers penetration testing as either a single Covert Surveillance assignment or within an auditing process, be it an individual audit or a continual audit programme.

 

What is Penetration Testing?penetration testing

Simply put; penetration testing is the attempt to enter a predefined area that is covered by security measures. Furthermore the individual carrying out the testing often uses fictional reasons to gain entry or even weak points of perimeters. However, for the testing to be of benefit and a positive learning tool; no excessive steps should be taken in order to gain entry.

For example, A hole in a perimeter fence can be used, but making a hole that did not already exist would not be permitted.

Preparation for Testing

Due to the varied nature of clients sites and requirements; preparation for any testing is vital. Yet it is also vital is that any individual on the security team must never be informed of an upcoming test.
 
Initial preparation will consist of either a meeting or phone call with the client to set out the basic parameters of what and how they feel the test should be conducted. Once the initial concept is provided; PGS will carry out more detailed planning which may even include reconnaissance of the target site. The brief which will consist of both the client’s requirements and any advisories or recommendations will then be reviewed with the client.
Upon completion and finalisation of the brief; the client will be asked to sign off on the testing and a date will be set. To maintain a neutral position, the time of the test will not be provided to the client; unless required due to H&S issues. PGS will also take steps to inform any authority; such as the police, that testing is being carried out. This final step is essential in order to reduce the impact on external bodies and can often lead to a stronger relationship with local authorities.
 

Execution of the Test

Here is the fun part…
 
Once the testing begins all details are recorded for later reporting. PGS use many different tools and systems to capture information during testing; including audio/video recording equipment, photography equipment and even GPS trackers. Our goal is to identify any possible areas of improvement in a positive manner, and not to bring a negative light on current security measures.
 
A good example of a test could be attempting to enter a site by giving the Gatehouse false details or posing as a delivery driver to gain access. Our testing is not limited to site based assignments however and can also be used in hotels, shops, private homes… the list is endless.
 

Conclusion of Testing

There are two possible outcomes for concluding testing; either a failed attempt to enter or a successful entry, each of which has its own outcome.
 
Failed Testing
If stopped and/or refused entry; then identification will be produced and a request for the client to be informed. A meeting is then held with the security staff to debrief on the test event.
 
Successful Testing
Although a detailed plan will of be finalised within the brief creation; it is standard practice to leave the site without raising any suspicion. Once off-site; a detailed report will be issued to the client and a follow-up meeting scheduled.

No matter the result of the penetration testing; it is often beneficial to follow up with further auditing processes.


Did you read our article about Never Underestimate The Influence Of A Good Security Uniform?

Get in Touch

Phil Green Security


never

Never Underestimate The Influence Of A Good Security Uniform

Category : News

Traditional security uniform is generally made up of a white or blue pilot shirt, dress trousers and clip-on tie. At PGS we have decided to take a look at security uniforms and how they can enjoy a much-needed update.

The Traditional Security Uniform LookSecurity Uniform

So let us begin with a brief look at a standard security uniform:

  1. White or Blue Pilot Shirt (Cardboard Collar mandatory)
  2. Clip-on Tie
  3. Black Trousers (Sometimes Charcoal if cheaper)
  4. Safety Boots (Also known as ‘chucker’ boots)
  5. Thick Wool Jumper (This is mostly in Summer)
  6. Epaulettes (Not so common, but it should be on the list)

For many years the traditional security uniform has consisted of the listed items, this leads to an easily identifiable security officer. When correctly maintained; the combination of pressed white shirt along with creased trousers can provide a very professional and authoritative presence. Yet, the traditional style is also very dated and if not cleaned, pressed and most importantly fitted properly; it can make even the most professional officer look second rate.

So let’s have a look at the Pros and Con’s of the traditional uniform…

ProCon
If fitted, clean and pressed; can look smartNot Practical
Stands out in most environments Easily Dirtied
Is accepted by general public as the 'security' lookHard to Size for
Generally more expensive then alternatives

Formulating the Argument

Ok so before I jump in with the next section of this award winning article; I need to explain my thought process and more over, how I believe the security industry needs to modernise quickly.

In order for me to explain easier; I need to call upon an example and the best example is police uniform and its changes over the past years. Now before anyone shoots me down; I do not believe that security officers are in anyway the same as police officers, but I do see that many situations or environments are shared between the two professions.

1998 Police UniformSecurity Uniform

If compared; the 1998 police uniform is a good baseline for where security uniforms are at today. The officers are wearing the white pilot shirt, clip-on tie and (you guessed it) the dress trousers. Some forces in the UK still adopt this style of uniform; however, the majority have taken a more practical step.

Current Police Uniform (Most Forces)

Security Uniform

Currently, police uniforms have adapted to improve comfort to the wearer and also the practicality needed during long shifts. Now 100% polyester ‘wicking’ fabric shirts replace the white pilot shirts. Dress trousers have been replaced with pre-stitched black combat trousers; which also include thigh pockets and finally, the old fashioned duty shoes have been replaced with the more tactical Magnum boot. (Please also note… good bye clip-on tie)

The addition of body armour is an area that will be cover further on in this article.

In order to close of the comparison between the policing uniforms; the traditional style was swapped out for the more comfortable and practical option.

 

 

Security Uniform Revised

Security officers need to benefit from a similar update to that of what police officers have enjoyed. There is a degree of separation within the security industry as uniforms must also be suited to the type of client or contract being serviced. In this article; we will cover corporate and site security officers.

Corporate Security OfficersSecurity Uniform

Corporate security officers (also known as ‘front of house’) often carry out reception duties and are normally based at an entrance point to offices or blue chip buildings. Although the primary role is always that of security; corporate security officers often carry out secondary duties such as postal delivery and collection, telephony services and health & safety checks.

Uniform

  1. White shirt
  2. Company Tie
  3. Blazer with company logo
  4. Dress trousers
  5. Smart / polished dress shoes

 

Site Security Officers

Site security officers are normally on commercial sites, often involve external patrolling and have a need for equipment whilst carrying out their role. So what would be the best direction for the uniform? Well for this we need to take a lead from the police’s own update… (Don’t get too excited!)Security Uniform

  1. Polo or Wicking T-Shirt
  2. Black Trousers (Pre-Stitched crease)
  3. Black Boots – Tactical in nature (Safety grade)

Optional Extras

  • Body Armour (This is a debate for another time)
  • Duty Belt (Carry as little as needed)
  • Sunglasses (Yes I look cool, but they are also practical on sunny days)
  • Radio Earpiece (In ear is always the best option) [Article coming soon on how you can use these for your phone via bluetooth]

Conclusion

What uniform is issued to a companies staff is always going to be a subjective topic, but we can only hope that the security industry wakes up and moves into modern times. As a collective industry we need to move away from the old fashioned, ill fitting and drab uniforms and become more ‘tactical’; not to impersonate the police, but instead; realise that they have moved towards practicality and we need to do the same.