Entry control

1 Introduction
2 Threat assessment
3 Operational protocol
4 Duty of care
5 Selection process
6 Maintenance
7 Summary
8 Related articles on Designing Buildings

[edit] Introduction

With the heightened threat levels and the general awareness of security, we are seeing wide reaching changes in attitudes towards perimeter protection from secure fencelines and perimeter intrusion detection to entry point control using Hostile Vehicle Mitigation (HVM). Many sites (especially critical infrastructure) are securing their perimeters and creating a hardened stand off area for improved protection against attack.

Unfortunately, while awareness of threat changes are undoubtably a positive, there are elements of the reactions to changes which are often excessive and at times ill-conceived. This is because the reactions can be knee-jerk and consequently do not follow a proper process of assessment of what protection is needed, why and how it can be properly implemented.

Most of the best practice process is detailed in standards IWA-14.2:2013 (Security Barriers – Application) and IWA-14.1:2013 (Security Barriers – Performance) however without the right partners (Consultants, Manufacturer, Installer) the process will be difficult to complete satisfactorily.

[edit] Threat assessment

Before embarking on any proposal for the implementation of entry point control, it is essential that there is a full understanding and quantification of the threat including the assets under threat, stand off needed to protect those assets, consequential risk (collateral damage) and possibilities for passive mitigation designs.

Detailed threat assessments are usually very complex and require a large amount of experience and knowledge to be completed satisfactorily. As the initial assessment is the cornerstone of the design of any entry point control, it is always recommended that expert consultants are used to carry out this function and they will follow the principles set out in IWA-14.2 2013 (Security Barriers – Application) which superceded the PAS69 standard.

It is more common than you would expect for a high security system to be installed on an entry point with no consideration being given to a remote exit point leading to the same critical assets and these projects have invariably missed this vital step in the design process or have used inexperienced or unqualified consultants.

The implementation of any project of this type could greatly impact the running of the facility and it is important to identify and engage with all stakeholders in the early stages of the project design to ensure smooth implementation and buy in. It should not be forgotten that any barrier system will impede vehicle access and this often leads to frustration by users which is easier to manage if all stakeholders are “on board” from the start.

[edit] Operational protocol

The physical operational impact of entry point control is something that is often missed in consideration of protection measures. There have been many instances where a control point has been implemented, gone live on day 1 and then switched off on day 2 due to the impact on local transportation links. Obviously, this is not a good situation and can easily be avoided by anticipating and considering the consequences of the implementation of a control point on the environment. For example, if the threat assessment allows, the operational protocol for entry point control can be varied to accommodate peak traffic flows

Operator training is an essential part of any security system and possibly even more critical when it comes to entry point control. With the wide spread use of sub-contract security companies to operate and maintain site security, the ultimate stakeholder is more remote from the frontline security in both the literal and theoretical sense. This makes the need for a clear and auditable process for training even greater and stakeholders need to be sure that proper training is being carried out continuously. Don't forget that the equipment being deployed at these check points can, if misused, be lethal and you would not issue a loaded gun to untrained staff!

Operational Health and Safety is always the most important consideration and any barrier installation will need to have a safety risk assessment completed before commissioning although a safe operating procedure should have already been incorporated within the protocol and any residual safety risks addressed by safety systems on the physical equipment.

[edit] Duty of care

As an employer you have a responsibility (whether legal or moral) to staff to protect them from harm and while with security protection this is not always possible, there should at the very least be a clear and documented understanding of the risks of the roles and an assessment of what (if any) protection can be put in place.

If a threat assessment identifies a serious risk that requires an intervention or protection in the form of entry point control then you are understanding and accepting that there is the possibility of a major incident and are crystallising the likely location of that incident with a control point. Any staff deployed to operate systems at the control point (or other staff / general public in the vicinity) will consequently be at enhanced risk and need to have a carefully considered plan to mitigate the risk.

The concern is that when the risk is an explosion then the reaction is often "there is nothing that can be done to reduce the localised effect. While this may be the case, if you can mitigate the risk by even a small percentage then, given that as an employer, you are putting employees at an enhanced danger level, any improvement in protection, however small it may seem, should always be considered.

Risk mitigation can take in many forms and can include physical protection from blast / ballistic attack, as well as adjustments to the operational protocols ensure that the least amount of personnel are at risk at any point in time.

[edit] Selection process

With the development of more and more innovative physical blocking solutions, careful research of what is available using product sourcing sites such as HVM hub (https://hvmhub.com/) will aid the process considerably.

Whole life cost should always be understood when selecting products and this should include not only the product cost but foundation requirements / cost, installation, warranty periods, maintenance costs and life expectancy. Information on duty cycling and mean time between failure will also help with the selection process.

Using vetted manufacturers (for example PSSA members) will always give some additional confidence that what is being procured / used is from a reputable source with a history of successful projects. Project references are a valuable source of confidence support and can often highlight potential issues that have been seen on similar sites.

[edit] Maintenance

While maintenance would arguably sit outside the selection and implementation process (other than whole life costs), it is necessary to include at least a few comments here due to the often overlooked or ignored nature of this area of work.

Once an entry point control system has been assessed, designed, procured, installed and commissioned, it is very easy to consider the project complete and this is exacerbated by the likelihood that the maintenance work is more likely to form part of a different department.

The purpose of the system installed and operating is easily forgotten in time, and the criticality of the ongoing functionality of equipment (that was originally installed as a potentially life saving piece of equipment) may be reduced in importance.

It cannot be stressed enough that any product or system protecting critical infrastructure and / or people must always be fully operational and be available to work if and when required. This is why proper and regular maintenance by fully trained and competent engineers (eg PSSA Installer members) of the equipment should be, and remain, the highest priority once system has been commissioned.

[edit] Summary

Any entity that enters into a process as described above is doing so to protect lives and critical infrastructure and following the correct process with the best consultants / partners will ensure the best solution.

This article was written by Paul Jeffrey, Chairman PSSA (Perimeter Security Suppliers Association), [email protected]. It was first published in Counter Terror Business Magazine. http://www.counterterrorbusiness.com/features/there-more-entry-point-control-barriers

--Paul Jeffrey