There is more to security than CCTV
Over the last few months, aside from doing the typical security design and risk assessment work that accounts for the bulk of our time, we have also been auditing a diverse mix of commercial properties and acting as expert witnesses in a couple of civil suits. It has been both varied and challenging at times.
What has been really interesting is learning what security means to each of the businesses that we have been working with and how they go about securing their properties.
One of the common themes has been a very high reliance on CCTV for property protection which we would strongly recommend against unless the CCTV is supported by other systems and processes.
So we thought it was time to explore what security is, how it should be applied to your property or commercial premises and how to determine what you might need aside from CCTV.
What is security?
A quick search of dictionary.com states that security is:
- freedom from danger, risk, etc.; safety
- freedom from care, anxiety, or doubt; well-founded confidence
- something that secures or makes safe; protection; defense
- precautions taken to guard against crime, attack, sabotage, espionage.
It is clear from these descriptions that security is intangible. It is not necessarily a product or a service, but more of a mindset. And it will likely be achieved only once a series of steps or precautions have been undertaken.
How do we apply security to your property or commercial business?
They will be dictated by the property in question and its individual risk profile. This cannot be guessed or assumed as each and every property will be different in some way; differing suburb and local environment, neighbouring properties, traffic patterns, crime rates, accessibility, lighting, parking, trees and foliage……the list goes on and on.
A fellow security professional that I have known for many years and have enormous respect for, once said to me that that the level of security required is always “just enough”. It’s a principle we have embraced at Matryx and helps us bring perspective to many of the security recommendations we put to our clients. So the very first step that needs to be determined is what “just enough” is, relative to the property we are advising on.
The best way to do this is to undertake a security risk assessment in accordance with ISO 31000 for risk management. This will identify the risk profile of the property and determine what risks need to be considered and addressed.
From the risk assessment process, it is common for a whole series of recommendations to be put to the client for consideration. We say consideration, because whatever is recommended to the client needs to make sense and not contradict the theme of the business. For example, you wouldn’t recommend steel bars and roller shutters to a welfare organisation that is heavily involved in community engagement. Security needs to achieve a purpose and more often than not, will come with a low profile.
Security needs to achieve a purpose and more often than not, will come with a low profile.
Assessing your security performance.
How well is your security working for you?
When we are deciding what measures are appropriate in determining the success of your security performance, we need to be mindful of what each treatment is capable of achieving relative to the fundamental principles of security risk management. These principles are:
- deter – will the measure provide a level of deterrence?
- detect – will the measure aid in the detection of unlawful access?
- deny – will the measure aid in the denial of unlawful access?
- delay – will the measure delay access into or from the property?
- respond – will the measure allow an efficient response to a criminal or other event?
Very few security treatments can tick all the boxes and achieve full compliance with each of these principles. So more often than not, security will be achieved through a range of treatments that are complimentary to one another.
When recommending a security treatment that has a physical or operational aspect to it, we need to understand exactly what function it will perform. The simple way to do this is to use a table such as we have below to compare treatments and to understand what value they can add from a security perspective.
When recommending a security treatment that has a physical or operational aspect to it, we need to understand exactly what function it will perform
In the table below, we have listed a range of treatments that can enhance security and would be common to many commercial properties, as well as help you determine how well your security is working for your business and meeting your organisational objectives.
Security treatment |
Deter1 |
Detect |
Deny |
Delay |
Respond |
| Security lighting | Possible | Possible2 | No | No | No |
| CPTED compliance | Possible | Possible2 | No | No | No |
| Locked doors and windows | Possible | No | Yes | Yes | No |
| Window grills | Possible | No | Yes | Yes | No |
| Cyclone fencing | Possible | No | No | Yes | No |
| Security fencing | Possible | No | Yes | Yes | No |
| Intrusion detection | Possible | Yes | No | No | No |
| Remote alarm monitoring | No | No | No | No | Yes |
| CCTV | Possible | Possible3 | No | No | Yes |
| Physical locking | Possible | No | Yes | Yes | No |
| Bollards | Possible | No | Yes | Yes | No |
| Security gates | Possible | No | Yes | Yes | No |
| Security guards | Possible | Yes | Yes | Yes | Yes |
| Security patrols | Possible | Yes | No | No | Yes |
1. Deterrence is subjective and will be based on the state of mind and motivation levels of the individual
2. Detection would be achieved through improved visibility within and of the property which increases the risk of being observed
3. Where video motion detection (VMD) or other analytics has been applied
In an ideal scenario, you would employ a mix of treatments that ensures you can achieve a “Yes” in each of the 5 columns at least once when all the security treatments applicable to the property have been listed. Once you can confidently say that, you have probably achieved a reasonable level of security.
To improve on that further, we would recommend that at least two methods of detection are always used. This could be reed switches fitted to perimeter doors and internal intrusion detection. Or intrusion detection and VMD. Or Security guards and CCTV. The point here is that if one treatment is bypassed for some reason, that another opportunity for detection still exists.
For high security properties or where risk of loss is greater, we would go further again and ensure that each column has a yes in it at least twice or more. This is good security risk management
If you are not sure how many boxes you can tick in securing your property, or how well your security is working for you, ask us and we will show you how.
