Monday, November 15, 2021

Should I Upgrade My Existing Security System?

Should I Upgrade My Existing Security System? 

A security system is designed to do one thing: keep you, your property, and those you care about safe. However, if you are using a security system that is ten or more years old, it may not be able to provide you with the level of security you want or need. Not only are older systems susceptible to malfunction, but since they are less sophisticated than systems available today, they put you at risk of malicious activities by tech-savvy thieves.

Unsure how to decide whether it is time for your upgrade? Below are three reasons that you should consider installing a new security system today!

Here are four signs it is time to upgrade your security system:

1. Dated technology
Security systems are not a once-in-a-lifetime investment. Like any piece of technology that you purchase, they have to be frequently updated and maintained to optimize their functionality. Your security system is like a phone — it requires periodic investment and replacement over time, not to mention that since technology changes so quickly, your device could soon become obsolete.

2. Alarm safety
Before the days of wireless data, security systems were operated via land lines with wires that could be easily manipulated by unwanted intruders. Luckily, since modern alarm systems operate using cellular transmitters to send and receive messages, they provide a safer alternative for homeowners.

At Video, Intrusion or Fire Monitoring in India, we have partnered with Netra Monitoring to provide customers with specialized Interactive Alarm Monitoring services, including home automation, remote arming and disarming, thermostat control, video surveillance and much more. Unlike an outdated security system, the Alarm Monitoring service feature can be managed centrally for one location or multiple locations through an app on your iPhone, iPad, or Android-powered device.

Your safety is of the upmost importance, but with Netra Monitoring, it doesn’t have to be an inconvenience.

3. Transmission
The biggest reason security systems become obsolete is that technology becomes outdated. Since most modern security devices use the same towers as cellphones to send and receive alerts, it is most likely that the reason your product will be unusable is that, much like a cell phone, the network it uses to operate is no longer available.

The good news is that there is often quite a bit of overlap in what networks are available. For instance, 2G technology is being phased out, but 3G, 4G, and 5G are still available and often work interchangeably.

What is great about a system that works on this kind of network is that while 2G will soon be unavailable, you don’t have to replace your entire system to still use it. Often, you will need to replace a small component to keep it running.

4. Protecting Your Investment
The best way to ensure that you are getting the most out of your investment is to purchase your new security system from a company that is dedicated to making your experience with their product the best one possible. At Fire Monitoring at India, we perform regular service and maintenance on your products and make sure you are informed of any upgrades that your system requires and technology changes or your system ages.

We think of keeping an alarm system up-to-date as being similar to maintaining a car. Just because your car gets old doesn’t mean it is useless — if something breaks, you fix it and keep on driving. By working with one of our technicians, you will get more life out of your equipment than you ever imagined and be able to enjoy the safety you deserve for years to come.

When your security system becomes an afterthought – and eventually an outdated afterthought – it leaves your building vulnerable.

Netra Monitoring installs custom-designed, scalable, user-friendly usable commercial intrusion alarm systems, and we feel that even the least experienced user will be able to use our systems with the proper training. Netra Monitoring also work for Central Alarm Monitoring with Video Verification services in India.



Monday, November 1, 2021

2021 is a big year for Mobile Credentials

2021 is a big year for Mobile Credentials 

Modern electronic access control systems, whether on-premise or cloud-hosted, offer a variety of ways to authenticate users and grant them access to a space. Credentials are typically classified into a few categories, something you have, something you know, something you are, or any combination of these categories (multi-factor).

Keep reading to learn about four of the most common types of access control credentials and how they can help you manage your space more effectively.

In access control and identity management, authentication is done via three factors, namely what you have (keyfobs and access control cards), what you know (passwords) and what you are (biometrics).

Needless to say, more and more people are now using their smartphones to open doors. And 2020-21 is likely to be a big year for mobile credentials, whose market size and deployment are expected to reach a new height.

In terms of the “what you have” factor, regular and smart cards have been in use for a long time, whereby the user either taps the card on the reader or bring the card close to it. Yet more and more, mobile credentials, or user credentials stored in the user’s mobile phone which can then interact with the reader, have become a more popular concept and are increasingly deployed in certain end user entities such as offices, college dorms and hotels.

1. RFID

Historically, the most common credential is RFID technology using some sort of card or fob (something you have). These RFID options can range from basic proximity cards and fobs to more advanced and secure smart cards that use integrated circuit chips embedded into the card itself to provide encrypted communication with the access control readers. Not all access control cards are secure as some can be easily sniffed and cloned. Access control cards can also easily be lost or stolen, which can create a vulnerability.

2. PIN Codes

PIN codes are also a popular method where a PIN code (something you know) is assigned to a user and then used as their credential to access a space. With PIN codes, a user walks up to the keypad on a door and types in a numerical code assigned to them to authenticate and gain access to a space. PIN codes do have some drawbacks as well. PIN codes are often shared, creating a security risk. In addition, PIN codes can be cumbersome to administer and maintain.

3. Biometric

Biometric credentials have grown in popularity over the past several years and can include multiple biometric features (something you are). There are biometric devices that can scan fingerprints, retinas, or the palms of your hand to authenticate you and grant or deny access. Another biometric option is facial scanning where a device can scan a face to determine facial features that can be turned into a hash that can then be used as a credential. Biometric readers have come a long way and can offer a high level of security, but in order for biometric readers to work effectively and efficiently, they need to be installed in the right location and in the right environmental conditions.

4. Mobile Credentials

Perhaps one of the fastest-growing credentials lately is mobile credentials. Mobile credentials allow users to have a credential stored on their mobile devices, usually in the form of a mobile app, that they can use to gain access to spaces providing those spaces have compatible hardware. As a user approaches a reader, they can make an unlock request using a button on their phone or even a gesture, to gain access. Mobile credentials also have the advantage of providing multi-factor authentication easily by leveraging the built-in PIN code functionality or biometric readers of the mobile device for additional security. A system administrator can require that in addition to the mobile credential a user needs to provide either a PIN code and/or a fingerprint/facial recognition, whichever method the mobile device supports. Mobile credentials have grown in popularity so much because just about everyone has a mobile device with them at all times, and they are easy to administer compared to managing RFID cards or PIN codes.

In fact, 2020 is set to be a big year for mobile credentials as suggested by various stats and figures. Gartner, for example, has predicted that in 2020, 20 percent of organizations will use smartphones in place of traditional physical access cards, compared to just 5 percent back in 2016.


Growth drivers

That the mobile credential trend is picking up is quite understandable due to their various benefits, among them the convenience factor. Whereas the user may forget to bring their keycard, they are less likely to forget to bring their smart device. Further, compared to keycards, smartphones are less likely to be lost as users attach greater importance to them. On a related note, since chances are the user already has a mobile device, the end user entity does not have to spend extra cost to make cards for their staff.

Besides those benefits, wider technology availability will drive growth as well. “When they first appeared about 10 years ago, mobile credentials used near-field communication (NFC). Since Apple never provided API access to its NFC capabilities, adoption was limited, because the technology was only available to Android users. Today’s mobile credentials use Bluetooth, which is supported by all smartphone manufacturers and many wearables, such as smartwatches, and is therefore available to virtually everyone with a smart device. Bluetooth also ups the convenience factor since Bluetooth readers allow users to open doors without even taking their phones out of their pockets. If your customer uses a cloud-based access control system, mobile devices can communicate directly with the cloud via Wi-Fi or cellular.
 
Meanwhile, compared to cards, which can be duplicated or cloned, the mobile device has more security features. The biometric function that unlocks the phone in and of itself is a security feature that prevents misuse by others in the even the phone is lost. Meanwhile, the latest technologies also enable communications to be safer between the phone and the reader.
 
Finally, mobile credentials have the “wow” factor. “Everyone loves new gadgets, especially ones that make their lives easier. Mobile credentials are no exception. Our salespeople tell stories of closing deals as soon as they show prospective customers that they can unlock their doors with their smartphone. Property managers have begun listing mobile credentials as one of their high-tech amenities to attract new residents. Users of mobile credential apps write glowing reviews about convenience.

Still not sure which access control credential solution is right for you? We’re here to help.

The goal is no longer just limiting access to a particular space but rather managing that space effectively.

Modern electronic access control systems offer a wide variety of features to allow you to better manage business spaces and to protect your business and your brand.

Working with a qualified security sales consultant will ensure you are not installing old technology into a new installation. There is an access control solution available that is convenient, secure, and works for your user’s technology level. You can touch with SSA Integrate to get proper way, what actual is required for your premises. They are solution service provider for SUPREMA, Magnetic FAAC & certified for Honeywell Winpak Access Control.


Saturday, October 16, 2021

Electric Strike Installation Guide

Electric Strike Installation Guide 

Follow this guide and you will install a strike correctly everytime. As we detail in this post, installing electric strikes successfully is mostly good preparation, but when done right provides years of trouble-free use. We use our test door to walk through the practical installation steps needed to get it right. Even if you never will install a strike in your life, do you know if your doors are right enough?  In this note, we walk through the steps needed to get it right, everytime.

The Steps

The process of installing strikes correctly is not complicated, but care should be taken to perform each step:

  • Door/Frame Alignment
  • Strike Box/Jamb Prep
  • Strike Prep
  • Power Connections
  • Final Checks

If all the steps are followed, installing strikes can take minutes and involve minimal troubleshooting. We cover the steps in detail below:

Door/Frame Alignment

Making sure the door and frame is aligned is a critical pre-requisite.

Strike Box Preparation

The next step is to cut the frame so the strike fits. Even 'zero cutting' surface mount strikes used with surface hardware may require frame modification, and it's a sure step when using mortise mount strikes. We break down these steps into two parts depending on the frame:

  • Factory Notched Frames
  • Field Notched Frames

Factory Notched Frames: The scenario requiring the least amount of prep work is a door frame factory notched to work with a certain strike, as was the case with our door. However, even a factory notched requires filing down sharp edges and bending or adjusting mounting tabs so they do not interfere with the strike.

In our door, the strike pocket was slightly undersized so we had to use a file to enlarge the opening. When performing this step, test fitting the strike to the frame is helpful, with attention paid to potential spots where the frame touches the strike. Any pressure or tight fit can warp the strike or cause it to bind, and the strike should fit easily into the pocket.

Field Notched Frames: However, many frames are not factory built to work with strikes, and more drastic modifications are required. In many cases, the existing strike box (called a dust box) needs to be cut out to make room for the new strike. The strike's installation manual generally includes specific instructions to take when modifying the frame, and the needed cuts can be made with a high-speed rotary tool (like Dremel) for steel frames or with chisels for wood. The image below is a standard example of the prep dimensions:

A good instructional video on how to cut out a mortise strike into a wood frame can be found below:

Strike Prep

After the frame has been readied, fine tuning the strike for install is next. That process follows these points:

  • Fail Safe Configuration
  • Trim Plate Installation (optional)
  • Power Cabling

We cover these steps in the video below:

Fail Safe Adjustment: Many electric strikes are 'field adjustable' for either power failure condition. Changing from one state to the other usually entails changing position of springs, solenoids, or even small levers. In the case of our strike, you must change the position of two small screws hidden under a label:

Most strike installations will use a 'fail secure' position regardless of where they are installed, and this is the default condition most are shipped with. We confirmed our strike was configured correctly, and left it as shipped.

'Trim Plate' Installation: For sloppy cutouts that may be unsightly or slightly oversized, most mortise strikes ship with an optional trim piece that hides the cutout. This trim, called an 'enhancer' or 'skirt' provides no security or operational benefit, just serves to cosmetically improve sloppy preparation work.

Power Cabling: Many strikes ship as 'Dual Voltage' compatible, meaning they operate given either 12 VDC or 24 VDC supplies. Some models include a dual voltage transformer in the housing with a single pigtail, while others are sold with two different pigtails trailing from the case. After confirming which supply voltage is available, the strike can be configured for use, typically involving twisting or jumping certain wire pairs together. The image below is the example wiring diagram for our strike:

Final Installation

At this point most of the work is complete and the payoff is close. There are just a few more check to make as the strike is finally installed into the frame:

  • Faceplate Selection
  • Power Connections
  • Installation/Shimming
  • Final Function Checks

These final steps are covered in the video below:

Faceplate Selection: Strikes generally ship with two or more faceplates, and selecting the correct one is critical during use. The 'keeper' area of the strike is bigger than the door lock's latches, and the faceplate narrows down the opening to match the specific type of door lock. This increases the 'tamper resistence' of the installation by eliminating potential gaps to insert prying tools behind the keeper.

Other door lock features, like the deadlatch, need a positive surface to rest on when the door is closed, and the faceplate provides this surface. Our strike was furnished with two options, and because it will be installed with a mortise lockset, we will use the 'mortise faceplate':

Power Connections: Power cabling for strikes should be 'run-to' rather than 'run-from' the strike. This means that the power cablings are most easily routed from the source (typically a controller), through the frame, down into the strike box. Especially when mortar shields are prepped into the frame, the actual opening to run cable out of the box is likely difficult to find. When using a fishtape or glowrods, they can be driven up and out of the frame, taped to the end of the cables, and the power leads are drawn down into the strike area.

Once the leads are in the box, they can be connected to the strike's pigtails. The image below shows our strike, which included a factory snap-style connector for both ends of the power splice:

Installation/Shimming: After power connections are made, the strike body should be inserted into the strike box, being careful not to pinch or crimp the cabling. If the prep beforehand has been done properly, this should be one of the easiest steps in the process:

The strike itself is not ready for use without sandwiching the faceplate down on top of the strike. At this point, with the faceplate seated onto the strike, it should be secured into the frame with the included screws or bolts. The strike itself should be square in the pocket, with no parts of the frame touching the strike except for the mounting tabs. 

If the strike appears to be too far forward or too far back into the frame, or if it can be 'wiggled' in the enclosure, then shims should be installed to take up the slack. Most strikes include shims and designate their installation locations without causing interference to the strike's action. The aim of shimming the strike is to give it a solid mount with the frame, not compensate for alignment issues. If those conditions are noted, then we recommend checking the squareness of the frame and alignment of the door.

Final Function Checks: At this point, the installer should check the strike's alignment with lock. Visually confirming the latches of the door lock are enclosed by the keeper is key. If the door latches do not physically make contact with any part of the strike when the door is shut, then the strike has been properly installed.

The goal of the installation is a strike flush mounted to the frame with no backpressure on the door's latches. If these situations are noted, the should be corrected before calling the job finished.

Final Thoughts

Most of strike installation is unglorious and even rough, but doing the basic prep work is necessary for trouble-free use. If the installer does a thorough job on the 98% preparation work, then actually installing the strike is an easy 2% effort.

If you have any question, contact us.

Friday, October 1, 2021

MINIMIZE VULNERABILITIES IN YOUR IP SECURITY CAMERA

MINIMIZE VULNERABILITIES IN YOUR IP SECURITY CAMERA 

A security consultant can act as an adviser for a building owner, occupant or property developer in relation to the design and incorporation of the security solutions. Clients typically require security consultants to advice on potential security threats and potential breaches, and to create contingency protocols to safeguard their organisation or assets. Every security consultant should guide about Camera vulnerabilities to there customers.

Internet Protocol (IP) cameras are an important component of state-of-the-art video surveillance systems. Unlike analog closed-circuit cameras, IP security cameras, which send and receive data through a computer network and the Internet, offer businesses a number of benefits. These benefits include the ability to monitor and control their video surveillance system remotely and a significant cost savings by allowing cloud storage of video files. However, like any device that is plugged into the Internet, without proper attention to cybersecurity, the same IP security cameras you have installed to improve security in your business may, in fact, be making it more vulnerable to physical and network attacks.

What are Hackers Looking For?

Hackers look for vulnerabilities to exploit, usually for malicious purposes. There are plenty of reasons why hackers might want to break into your IP security camera surveillance system, including some that promise potentially huge rewards:

·        They may be planning a burglary or a physical attack on your building or its occupants. If they can break into your network cameras, they can observe your physical security practices, including when guards come and go and where there are opportunities to enter the building. Once they know where and when to break in, your entire facility and all of its occupants are at risk.

·        They may want to take advantage of your business computing resources, such as your network’s processing power, for the purpose of stealing large data sets or more recently, mining cryptocurrencies.

·        To steal high-value trade secrets to sell to your competitors on the black market.

·        To steal personal information for the purposes of conducting phishing attacks to obtain credit card and banking information from individuals.

·        To install malware, such as keyloggers, to capture passwords as they are entered or ransomware that takes your system hostage until you pay the hacker to release it.

Are Your IP Security Cameras Vulnerable?

The short answer is yes. All security cameras are vulnerable to hacking. The unfortunate reality is that in today’s cybersecurity environment, the question is not whether your system will be hacked but when, which makes ongoing and proactive cybersecurity measures a must.

Hackers can break into your video surveillance system in a variety of ways. In addition to hacking the cameras themselves, they can get into your network through:

·        The computer operating system you use (e.g. Microsoft Windows, Linux, etc.)

·        The software your system uses, including digital video recording (DVR), network video recording (NVR), or video management system (VMS) software

·        Any firewall ports you may be using to access the system controls

Given these additional entry points, the security of your IP cameras depends not only on the cameras you use but also on the network technology and configuration of your system. In general, the relative security the system provides depends on how access is configured:

Most Secure — The safest system uses the local network equipped with a network firewall and virtual private network (VPN) software for access. With this type of system, the only way to get through the firewall is through a secure, encrypted connection.

An alternative to this would be to use a cloud-managed IP security camera. With this type of system, rather than opening the firewall and relying on a password to gain access to the camera on a local network, cloud-managed IP cameras are configured to communicate with a secured server in the cloud over an encrypted connection, and users gain access by linking up their devices with those servers. Cloud-managed devices offer a good alternative to locally networked systems because most cloud services monitor their servers continuously.

Least Secure — The least secure type of IP security camera is used in conjunction with a system that relies on port forwarding (China based OEM propose) for access, which allows users to access the camera through a network firewall with nothing other than a password. With this type of system, the only thing keeping a hacker out is the strength of the password used.

How to Protect Your IP Security Cameras

One of the most important things you can do to protect your IP security cameras is to know what you have and whether there are any known vulnerabilities. The CVE Security Vulnerabilities Database is a great place to start. This site tracks the vulnerabilities of all kinds of Internet of Things (IoT) devices and is searchable by the vendor (manufacturer), product and version, specific vulnerabilities and their severity. When checked regularly, this information can help you identify and address new issues with your IP security cameras so that you can address them more quickly.

A comprehensive set of cybersecurity best practices can go a long way to improving the security of your IP security cameras and your video surveillance system as a whole:

·        Contain and compartmentalize your internal networks. Creating separate networks for your video surveillance system and your information systems not only saves on bandwidth, but also minimizes risk should any part of your system be compromised.

·        If you are not already using a firewall, implement one as soon as possible.

·        Use a unique, long, and non-obvious password for each camera. This is critical if you are allowing access with a port forwarding system. If your system employs a VPN, however, having a single strong password for all cameras will suffice.

·        Change all passwords every 90 days at a minimum.

·        Enable two- or multi-factor authentication for your system, which requires the user to provide another piece(s) of information unique to the user, such as a code sent via text or phone, secret questions, etc. This is critically important if you are using a port forwarding system.

·        Develop and document cybersecurity guidelines and provide cybersecurity training to all employees who will have access to your video surveillance system.

·        Establish a cybersecurity incident response team so that you can swiftly and effectively respond to any breaches.

·        Stay on top of the operating system and software updates and apply them promptly when they come out.

·        If you use a cloud-based system, make sure you use a trusted provider.

·        Stay up-to-date with the latest cybersecurity standards.

 

Cybersecurity concerns are a long-standing issue for Hikvision, e.g., it was US government federally banned by the 2019 NDAA and the US government is planning to ban FCC authorizations for Hikvision, so this admission comes at a critical time for the company.

Researcher describes only access to the http(s) server port (typically 80/443) is needed. No username or password needed nor any actions need to be initiated by camera owner. It will not be detectable by any logging on the camera itself. This is the worst Hikvision vulnerability since Hikvision's backdoor was discovered in 2017 where Hikvision included a magic (ostensibly secret) string that allowed anyone with that string to perform admin operations, without having the device's admin credentials.

The attack can be executed via HTTP (port 80) or HTTPS (port 443). Once a camera has been compromised, the attacker can use it as a starting point to explore the rest of a victim’s network. Past attacks on connected cameras have also sought to enlist the devices into botnet armies capable of launching massive DDoS (distributed denial of service) attacks or spam campaigns.

This vulnerability is about as serious as they come, rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).

IPVM estimate 100+ million devices globally are impacted by this vulnerability making it, by far, the biggest vulnerability to ever hit video surveillance. The combination of its critical nature (9.8 / "zero-click unauthenticated remote code execution") and Hikvision's massive market size make this risk unprecedented.

For background, back in 2016, Hikvision said they manufactured "more than 55M cameras" and the annual output has grown substantially since. Hikvision has therefore shipped a few hundred million cameras and tens of millions of recorders during the time frame the vulnerability covers.

The end-users who buy these cameras are responsible for the data/video footage they generate. They are, in other words, the data custodians who process the data and are in control of the video footage, which is required to be kept private by law (under the GDPR). Secret access to video footage on these devices is impossible without the consent of the end-user.

Dahua is another in Ban list. Watch above video. https://youtu.be/MtkeaoS3jBc

Keeping Up with Cybersecurity Threats Can be Daunting

Hackers are relentless in their attacks and there is not a single industry today that is immune to them. Almost half of all cybercrimes are committed against small businesses, and it has been predicted that a business will fall victim to a ransomware attack every 14 seconds by 2019.

If you need help with your video surveillance system, SSA Integrate can help. Our security experts stay on top of the technology and all the best practices in cybersecurity so you don’t have to. We give importance of our customer data security.

If you are installing a new video surveillance system, we can help you select the right technology to meet your needs and ensure it is properly configured to provide the top level security you expect. We can also look at your current system to identify and eliminate any vulnerabilities and provide the monitoring and updates you need to keep your system secure. Whether you need five cameras or 500, SSA Integrate can help. Contact us today to learn more.

Ref:

https://www.forbes.com/sites/leemathews/2021/09/22/widely-used-hikvision-security-cameras-vulnerable-to-remote-hijacking/?sh=138e83062f31

https://ipvm.com/reports/hikvision-36260

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36260

https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html 

Wednesday, September 15, 2021

Selecting Right Security Consultant

 Selecting of Right Security Consultant

To find the right person or organization for your project, check references, create a good request for proposal and learn whether or not they will be contracting out some of the work.

If you have ever considered using a security consultant and found yourself a bit confused by the topic, don’t feel alone. Finding the right consultant, one who will save you money and benefit your campus requires a little understanding. Here are some tips that should help clear up some of the confusion.

1. What is a security consultant?
A security consultant is an individual or group of individuals who have specialized knowledge in some facet of the security industry. A consultant should serve only the interest of his or her client. Persons who work with, for or receive compensation from a vendor, integrator or anyone else who may directly benefit from your project fall into a separate category.
Some vendors may offer to provide security planning free of charge. They may even do a competent and ethical job. The problem remains that in-house experts will always have conflicting priorities: 1. to maximize company profit, and 2. to save money and work solely in the interest of their client (the vendor or integrator). A true consultant works only in the interest of their client (the hospital, school or university) with no potential conflicts.
2. How do security consultants learn their trade?
Security consultants usually begin their career in one of the many disciplines in the security industry. They may start their careers as police officers, electronic engineers, installers, integrators or manufacturers. Individual work with MNCs last 10-12Yr can show appreciation letter from there customer. The list can be extensive. 
Knowing how and from where they developed their consulting career can be helpful in judging their compatibility with your project. The area where they began will often indicate the area(s) where they are most knowledgeable.
 
3. What activities are covered by security consultants?
One of the many difficulties in choosing the right consultant is that the field is incredibly broad. Security is made up of hundreds of individual disciplines, all of which must fit carefully together like pieces of a large jigsaw puzzle. Unfortunately, no one can be an expert in all of the related topics. Here is just a partial list of specialties: perimeter fences, exterior access control, workplace violence, emergency planning, security force management, security policy and procedure, training, video surveillance, logical access control, intrusion detection, systems integration, key management, door and window hardware, building design issues, crime prevention through environmental design. The list could keep right on going. 
Some projects can be handled by an individual, while others may require a team to ensure the proper depth of knowledge in each critical subject area.
 
4. Should I look for depth or breadth of knowledge in a consultant?
Some security consultants know a little about everything, others may know a great deal about a few things. Your needs will help you determine which is most important. 
Consultants with great breadth of knowledge are valuable in seeing the overall picture, identifying all of the puzzle pieces and figuring the best way to fit them together. Consultants with depth of knowledge may be better at providing specifications for specific electronic hardware that will best fit campus requirements and compatibility needs. Finding a specialist with relatively good general security knowledge can be a real plus.

The ASIS International management credential (CPP) was designed to help specialists gain a broad understanding of the other security disciplines that must fit with their specialty. Having a CPP is not a guarantee of competence, but it is a means for a specialist to broaden his or her understanding of overall security.

5. How can security consultants benefit my campus?
Security consultants can provide a variety of services that can be quite valuable. They can:
·        Provide an unbiased view of your security needs
·        Bring knowledge from solving problems in different environments
·        Save money by resolving problems with cost effective solutions
·        Bring a fresh pair of eyes to review campus problems
·        Provide recommendations that may have more credibility than experts from the campus security department offering the same thoughts and ideas
·        Assist in negotiating lower bids by knowing what the labor time and charges should be for individual tasks
·        Write comprehensive specifications that make it difficult for unscrupulous vendors to add charges during the construction period
·        Provide post construction services to ensure that all aspects of the job have been completed properly as detailed in the specifications
·        Help recruit and select a truly qualified vendor
·        Provide other assistance
Not all consultants offer these advantages, but they are all possible when the right consultant is selected.
 

6. Should a consultant specialize in one type of campus?

If, for example, you currently manage security for a hospital, should your consultant specialize only in hospitals? Too much emphasis on specificity is reasonable but may also serve to eliminate the strongest contenders. Hospitals, high rise buildings, university campuses and schools all have unique security requirements. It is beneficial to choose consultants who have worked with and understand these requirements. 
On the other hand, consultants who also have experience outside that specific client type of institution may bring a greater breadth of ideas and experience.

7. What should I know about my consultant?
There are many things you will need to know about your consultant before signing the contract, including:

    ·        Their reputation by talking directly to their clients
·        The types of projects they work on, particularly those with similar complexity to yours
·        He / She self is member of (Security part) ASIS, SIA etc. Also check OEM contacts how is.
·        The strengths of all team members who will be assigned to your project
·        That the team will be committed to your project.
·        If they have the breadth to understand your overall security needs, and where and how a specific countermeasure must fit within the overall security program
·        If they have the depth of knowledge to write detailed specifications that will avoid extra construction period charges
·        Whether or not they have the capacity to handle your project without unreasonable delays. Companies with too many existing projects can result in delays or shortcuts that result in cost overruns.
·       
Whether the contractor has any direct relationship with or receives compensation from any product or service that might relate to your project
 

8. What should I know about outsourcing and partnerships?
Some consulting organizations rely on partnerships to complete their tasks. This can be normal and beneficial to your project. Consultants who lack the required depth of knowledge in some area of your project can reach out to another consulting organization that has the requisite skill set.

It is critical that all partnerships and outsourced work be given the same scrutiny as the primary contractor. You will need to know their reputation, talk to their clients and have all team members listed along with their background and expertise.

9. How can I learn about a consultant’s reputation?
There are several things that can help in selecting the right consulting firm:

·        Develop in-house security knowledge. The broader your understanding of security, security countermeasures and how they fit together, the better you will be at selecting the right consultant.
·        Talk directly to former clients. Determine how close their project is to the one you anticipate. Ask about problems with their overall performance, including unanticipated cost overruns and delays in their service delivery. Ask how satisfied they are with the final result.
·        Get detailed information on all individuals who will be assigned to your project alongwith appreciation letter from his customers.
·        Check the information are true or falls.

10. How do I improve my chances in finding the right consultant?

·        Construct a well written request for proposal (RFP)

·        Take all prospective members on a job walk at least two weeks prior to the submittal due date 

·        Give them a good feel for your needs, areas of concern and project details 

·        Allow a period for them to submit questions prior to the proposal due date. The questions they ask may hint at their expertise. Share questions and answers with all potential vendors.

·        Have all competing vendors give a presentation on their approach and areas of emphasis that they would use in handling your project. Ensure that all evaluators fully understand the details of the RFP. 

·        The RFP should include mandatory disclosure of any monetary or other link between the consultant and any vendor that may be considered for the proposed work

·        Look beyond the low bid to your confidence in the organization and its ability to deliver what you need.

Thanks to Mr. James L. Grayson, CPP is a senior security consultant for Summers for support.