Pointer has recently done work for a high-profile government building with restricted security access. This was a large-scale project with ongoing maintenance.

Requirements

• To manage, process and handle ‘Restricted Security’ project in a secure manner.
• To ensure business continuity and commercial transparency.
• The system must be fully supported by multiple vendors
• Replace the Access Control System
  • Capture current access card database
  • Select replacement cards to use with existing card readers
  • Ensure that the existing and new systems operate together during the transition phase
  • Dual Authentication
• Replace the current CCTV System
  • Systems users fully trained
  • Ensure existing and new systems operate together during transition phase
• Transition the Intruder Detection System from the existing to a new security system, minimizing downtime and making sure system users are fully trained.

How did we carry out this work to meet the requirements?

Pointer are registered with a UKAS Certification Body and we are certified to ISO 27001:2013. We have a process for Information Risk Methodology which we use to develop and implement control measures as well as following any customer specific requirements. As per the requirements of UK HMG Security Policy, individual privacy and technical risks are carried out on an initial assessment. Adequate control measures will be identified and approved. This will form a specific Information Security Method Statement which all staff involved in the project were aware of and adhered to. Staff were audited during the project to ensure compliance. These control measures and methods of working is taken from many of our Information Security Management System (ISMS) procedures and processes which is subject to annual external audits by our Certification Body NQA for ISO 27001:2013 Registration as well as an annual Internal Audit and an Annual Management Review. Our Management Review process is looking at further UK certification – Cyber Essential Plus on top of our current ISO 27001 certification and ISMS system and external Penetration Testing.

Access Control

We were able to successfully capture the current card database and export it prior to any work being done. This allowed it to be fully imported into the new system and tested prior to commencement of any work. Proof of functionality was demonstrated on a non-critical door in a low risk area.

We reviewed the various options for cards based on the key requirement for a dual format ensuring compatibility with existing card readers and the new readers. Considering this we made an informed decision to choose an option that would not be disruptive and would run smoothly with current systems. We chose a format with no reported security risks or public awareness of the format being compromised. The card chosen also had a high level of encryption utilizing Secure Identity Object Technology.

During the transition phase we were able to have both the older and new system working together concurrently. We were able to successfully migrate from one system to another after complete testing in non-critical areas first.

Dual Authentication was an important requirement for this customer due to the high-profile nature of the environment. This meant that along with the access card that employees were using, we also implemented a finger print reader. The reader chosen, employs a multispectral imaging sensor that simultaneously reads data from both the surface and the subsurface levels of a fingerprint even when features are hard to distinguish due to various environmental factors.

CCTV

Prior to utilising any new technologies in our projects, we subject them to robust testing programmes and processes to define the resilience and quality of the equipment. We evaluate all products that we use and have in place:

• Innovation Centre (Test Site) – we rigorously test all new technologies and equipment we will be using to ensure its robustness. This Test Site (located on the outskirts of Glasgow) enables ongoing evaluation of new technologies in addition to continued testing of new technologies in our IT workshop in our Glasgow office.
• FAT (Factory Acceptance Test) – We ensure the Solution will work prior to commencing the job, managing additional costs. We have worked on several projects where a ‘Proof of Concept’ innovative solution has been proposed. We integrate the component parts from various vendors and test vigorously in a FAT environment prior to deployment.

By doing this we ensure that the products we use for CCTV or otherwise, will work properly and efficiently therefore minimizing risk of any installation issues. When choosing vendors, we carried out assessments of the customer needs as well as looking at the current vendors to see how best to integrate the current and new technologies together during the transition phase.

Intruder Detection System

This customer uses panic buttons to ensure the safety of everyone in the building These panic buttons alert the relevant CCTV in the area so that it will being to record anything happening around the event. This system, again, was successfully implemented by integrating with the current system first to avoid any downtime.

We were able to provide staff training on the systems not only at the system handover stages but on a continual basis, offering support.