TRUSYS Blog

Ryan Taylor, Principal of TRUSYS, was recently interviewed in a leading security magazine.  Martha Entwistle, of Security Systems News, contacted TRUSYS to help their readers understand the role of a consultant and how they add value to the security industry and technology suppliers.  This article covers insightful questions that provide some history of TRUSYS and Mr. Taylor’s experience in the industry.  To see the published article, click here: securitysystemsnews

Satish, tell us a bit about yourself?
I’m Satish Kumar, the third & last child to my loveable parents.  I was born & brought up in Bangalore.  Once called the garden city it is now recognised as the IT hub of INDIA.  As Bangalore is situated at a height of 3,000 feet above sea level, it’s considered the best place to live in India.

I did my primary & higher education at Christian missionary Maria Niketan School and I completed my Diploma in Electronics & Telecommunication at Mahatma Gandhi Polytechnic. Having an interest in Electronics, I joined an evening class on Radio & TV hardware practical training from the LIZZNER Institute.  I then added Computer Hardware & Networking training from the Sahara Institute of Technology.  And I completed the certification in AutoCAD & REVIT MEP at Kruthy Computers.

I started my Career in the Physical Security Industry with a leading Integrator in the Indian Market.  My career started with Field engineering as a trainee and in a short time I was able to learn the technology & concepts of Physical security.  I have successfully served when given the opportunity as a Field engineer, Technical engineer, Design Engineer, Project Co-ordinator and project manager.  I was ready and delighted when TRUSYS CEO Ryan Taylor asked me to spearhead the start of our company in India.

What attracted you to a career in the Physical Security Industry?

Initially I was interested in camera technology, their angle of view, coverage etc.  I worked with my brother in that Industry.  Naturally, I came across many security related products and concepts used in different configuration as per clients’ requirements.  I learned about CCTV, Access, Alarm, Fire, PA etc. Integrating them to respond between them in critical situation is the challenge that attracted me to the Physical security Industry.

India’s economic growth rate is the envy of the world.  How is this fast paced economy affecting your work?

Not only is there a lot of internal growth in India, but our economy is rapidly integrating itself with the rest of the world.  Large Indian firms like Tata or Mittal are rapidly becoming multinational firms as they invest abroad.  As they expand abroad and as multinational firms invest in India, there is a need for better security practices to protect the benefits we all get from international commerce.  This is one of the reasons why we felt that TRUSYS needed at its inception a presence in both the United States and India.

As to how it affects my work, it means that we work to the best international standards to satisfy both local and international clients.  It is also interesting to work for a multinational firm like TRUSYS as we can help one another by sharing best practices and expertise.

Tell us about the state of the physical security industry in India?
In the past, India was considered a very safe place where people relied on Indian defence and security.  The first blow that shattered that feeling was the suicide attack by the Liberation Tigers of Tamil Eelam that killed Prime Minister Rajeev Gandhi.  At that moment the physical security industry started slowly to develop in the Indian market.

Later the terrorist attack on the Indian Parliament and a series of low intensity bomb blasts in major cities pushed the growth of Physical Security industry.   After the 2008 “26/11” attack by Terrorist in Mumbai, the Physical Security Industry saw significant increases in sales & implementation.  In addition, the Fire incidents in Bangalore Carlton Tower fire and the Kolkata Shopping Mall fire increased the desire for physical security in the people of India.

Are the typical security practices in India different from other countries?

After the “26/11” attack the Physical Security practices aims to be no different than in other developed countries.

What are the main concerns you hear from your clients?

·    First, that the security system is not optimized to take full advantage of its features.
·    Second, the integration of fire and security devices like access control is a critical issue in case of emergency that is not always well planned.
·    Often CCTV installations are not optimized to the manufacturers’ specs and the coverage does not meet the clients’ needs.
·    Pre design document for a proposed project are inadequate.
·    And installations do not have proper “as built” documents produced for future maintenance or upgrading.

These are all typical needs that TRUSYS India professionals address.

Concluding a month long trip to the Middle East that included advancing his Arabic and client visits, TRUSYS Principal Jeff Baker attended the 5^th Middle East Energy Security Forum in Abu Dhabi.  Jeff reports:

“The speakers and panelists were of extremely high caliber and discussed a variety of topics affecting the security of energy within the Middle East. The entire event was narrowly focused at regional security professionals in oil, gas, and energy production.  The event attracted over 85 attendees from 19 different nations. It was self evident that the recent events of the Middle East and North Africa over the last six months has changed the status quo and highlighted new perspectives on a professionals approach to security.

A reccurring theme was that the traditional definition of “Security” should not be limited to the stereotypical view of guns, guards and gates. Matthew Hulbert; a Senior Fellow at the Center for Security Studies in Zurich, was the opening speaker and brought light to the instability and impact of “perception,” delivered from a geo political and world energy markets perspective. Libya for example represented 1% of the worlds’ oil production, yet the loss of this capacity brought about a corresponding 30% price increase based on their research. Security at an individual facility is only reflective of the overall security of a region, and security professionals must be prepared and proactive at a macro level, versus being reactive at a micro level. A very practical example of this was given by Dennis Amachree of Addax Petroleum based in Nigeria. In the last few years there have been hundreds of kidnappings amongst the Oil & Gas firms of Nigeria, and is now inherent to the environment. As a proactive measure, training is conducted for employees in preparation of a possible kidnapping and “proof of life” forms are the responsibility of the security department. Upon a show of hands within the room, Addax was the only company utilizing simple and proven “proof of life” forms as a tool for identification of employees. Highlighting once again to understand the potentials and not to address, only those things which has occurred previously.

All the presenters in some form or another emphasized that Security is no longer a service department, but is an integral part of protecting the ability of the firm to deliver value to their clients and shareholders. It is a promising maturation of thought that falls in line with Organizational Resilience Standards. It may sound redundant, but Organizational Resilience is about the Resilience – According to Webster, an ability to recover from or adjust easily to misfortune or change; and not the traditional view of security alone. As Nigel Carpenter of AMEC (a 30,000+ employee engineering and professional services operating in over 40 countries) said “Security is everyone’s’ business.” William Bryan of the US Department of Energy emphasized this approach even further when sharing about how the DOE approaches risk & security. In DOE language it is all about Reliability, Survivability, and Resiliency; notice that is about the firms abilities and not a specific technology or solution. In practice you cannot protect everything, so it is crucial to match your investment to the most probable and highest impact risks; any other approach is unwise, another way to say it is that you must have an understanding of your organizations’ “Risk Appetite.”

Amongst the attendees there was much discussion surrounding where “Security” fits within the organization. I was surprised to find the discussion was not as tactical in nature that I first expected. I believe it has been the recent events of the region that have driven this thought process. Granted we would like to believe our industry is proactive, but that is not necessarily the case as it is with human nature; pro-activity must be instituted as a process within organizations at least. To some extent the industry has done what we can; to highlight the point, if a Health & Safety department has had no issue they are applauded for the wonderful job they have done, and in contrast if a Security & Risk Management department has had no incidence they are written off as unneeded. Proving the value of security within an organization is an ever present need.

A second point of interest amongst the speakers was the commonality of extraction of personnel from the region in the recent months. Baker Hughes, Weatherford, Talisman and Hunt Oil all dealt with this issue and the sooner they acted and the more preparation there was the more successful the effort. These of course were only the companies highlighted that dealt with this issue; meaning there were many others that it had effected. These extractions decisions were based on intelligence. A presentation given by Bassam Ghellal of Whispering Bell provided an overview of the events in Libya and highlighted the value of accurate intelligence. Whispering Bell believes so much in the need for accurate intelligence that they have developed a product/service offering that gleans data from the populous, in a social media sort of way, is analyzed and made into actionable data in real time. This approach to information sharing was complimented by Fawzi Al Zamzami of Saudi Aramco, in sharing how their approach to information has changed from one of protecting to one of sharing in just the last few years.

This conference concludes this trip to the Middle East and reaffirms that the Middle East is a complex and challenging region, and for multi-nationals to truly be resilient they must possess a holistic perspective that is closely paired with the execution of the security strategy. As commonly occurs, a divide arises between the strategy and the execution for a variety of reasons but not limited to multiple service providers and inherently conflicting interests of the various service providers. This is precisely why the TRUSYS model of incorporating Strategy and Execution into the same service offering has been so successful with our clients.”

John Gargett is a TRUSYS Principal.  He recently authored a paper about the R-SEC methodology for ASIS Organizational Resilience Maturity Model (ORMM) Standard Comittee chaired by Dr. Marc H. Siegel.

Q: You recently delivered a TRUSYS Institute white paper on Organizational Resilience presenting the R-SEC methodology as a method to achieve Organizational resilience.  What prompted this research?

Gargett:  Over the last 30 years that I have been working in Security, Emergency and Crisis Management, I believe we as a community have to admit that many initiatives have failed, or at very least we have not achieved the goal of disaster resistant communities, organizations or companies. Over this same time period a number of lessons were learned, which can be simply summarized as not viewing security, emergency and crisis management as an ecosystem.  When this is ecosystem approach is undertaken, a different approach is taken, and I define this as R-SEC.

R-SEC recognizes that the traditional safety & security, emergency and crisis management planning is not sufficient for the changing world in which we now live.  The underlying premise of R-SEC is that silos of safety & security, emergency and crisis management, as well as these silos of organizational response do not ensure business continuity or organizational resilience.  R-SEC cuts across silos and views risks, threats and the potential for harm across the enterprise with every person in the enterprise having a role, a responsibility and commitment to achieving Organizational Resilience.

The ANSI/ASIS Organizational Resilience Standard is the only preparedness standard that takes an enterprise-wide view of risk management, enabling an organization to develop a comprehensive strategy to prevent when possible, prepare for, mitigate, respond to, and recover from a disruptive incident. This allows seamless integration with the new ISO 31000 Risk Management standard for a comprehensive risk management program and is 100% compatible with existing ISO management system standards (such as ISO 9001, ISO 14001, ISO 27001 and ISO 28000), thus enabling a cost-saving integrated application. By implementing the ASIS Standard, organizations can satisfy both ISO 28000 and BS 25999 requirements.

Q:  How do you define Organizational resilience?

Gargett:  Organizational Resilience is defined as the adaptive capacity of an organization to respond to chaotic events.

Q: What are the key elements of the R-SEC methodology?

Gargett: R-SEC brings together all departments and stakeholders, both internal and external, to develop a strong, resilient, and sustainable organization able to continue forward in the face of any risk, threat and potential for harm. R-SEC is implemented using T4 NetCentric Operational Excellence that is simply defined:

Four T’s: Teams, Techniques; Technology; and Training;

NetCentric: Technical, Social and Human Networks; and;

Operational Excellence: Leadership, teamwork and problem solving resulting in continuous improvement.

The underlying strength of T4 NetCentric Operational Excellence is the role of the individual.  The individual forms the cornerstone of responding to the impacts of events.  Everyone has a role. Every organization needs to recognize that its ability to remain resilient and sustainable is based on the collective strength of the individuals that comprise it.

Q: How is R-SEC different from past approaches to Organizational Resilience?

Gargett: R-SEC is different from other approaches principally because it is cross-silo, cross-risk, threat and vulnerability and has specific steps to achieve resilience through T4 NetCentric Operational Excellence.

Q:  You have worked into and observed our industry for over 30 years, and you are known for your passion.  What prompted your interest in Organizational Resilience?

Gargett: Simple.  Organizational Resilience is the first approach since the days of Civil Defence that takes a holistic ecological view of Security, Emergency and Crisis Management.

Q:  What keeps you passion for Organizational resilience alive in 2011?

Gargett: Chaos happens, it will continue to happen, and organizations continue to find they are not resilient.  Resiliency means that there are fewer human losses, property damage and that a state of normality can be achieved in less time and at less cost.

Click here to download John Gargett’s R-SEC and Organizational resilence from the ASIS ORMM page.

I have recently been asked by clients and Authorities Having Jurisdiction (AHJs) my opinion on the use of Internet Protocol (IP) communicators in lieu of the Digital Alarm Communicator Transmitters (DACTs) which have traditionally been used to communicate from a premise to a supervising station.

It appears that Section 8.6.4 in National Fire Protection Association (NFPA) 72 – 2007 allows for “Other Transmission Technologies”.  Many of the fire alarm manufacturers are now beginning to offer an IP communicator that is listed to the requirements found in 8.6.4.

My concern about an IP communicator, with no other alternative communication path, is that while they will be designed to have a battery backup for 24-hours or more, how do we ensure that the data equipment upstream, i.e. switches, routers, and gateways have same sort of emergency backup?  I have calculated a UPS (uninterruptible power source) for my home’s IP equipment, and it is not inexpensive.  List price for the UPS was over $10,000 as I recall.

So, in a long power outage, if we don’t have 24-hours or longer of emergency power to the IT equipment, how do we ensure that a fire signal gets to the Central Station?  The answer is that we cannot, but if correctly installed, the system will notify the end user at the site with a trouble signal.

There are some steps that I would suggest to help minimize this issue:

1. First you have to minimize the number of data connection points in the circuit.  If possible, I would connect directly to the router/gateway.
2. I would ensure that the IT components are secured in a locked room, cabinet, or enclosure to ensure that someone trying to obtain a spare data port doesn’t simply unplug the connection.
3. I would put wording into your monitoring contract that states effectively that if the client doesn’t have emergency power for those data components, that you, the monitoring provider, are indemnified against loss of signal due to the power loss.  (You should consult your attorney for specific language.)

An alternative is to use an IP/GSM (Global System Mobile Communication) dialer which can allow the IP communicator as the primary path and use the GSM as the alternative path when IP communication is not available.  This would be more like a traditional slave communicator that would monitor alarm, supervisory & trouble conditions.  To obtain a UL Commercial Fire Listing you must use all of the required components.

Prior to implementing this solution, you will need to make sure that your central station can receive both the IP and GSM signals, and that it is affiliated with the GSM network.

It would be great to hear from other members of the fire alarm industry on how the issue of IP communicators is being addressed in their area.

This post is contributed by Mr. David Miller, Principal at TRUSYS.

Two years ago we changed our design practices to make Building Information Modeling (BIM) and Integrated Project Delivery (IPD) a central piece of our processes.  We invested time to learn Autodesk and Revit and to investigate how these new 3d tools could enhance our designs and how we communicate better with our clients through the inevitable revision cycles.

BIM and IPD are now gaining traction with architects, engineers and building owners and operators.  TRUSYS pioneered using BIM and IPD for physical security systems design and we have been rewarded by growing revenue coming from leading BIM and IPD users.

For those of you not familiar with BIM and IPD follow this link to a brief article published by ITBusiness.ca illustrating with a real business case the great benefits of BIM and IPD.  Retrofitting a 61,000 square feet building in Massachusetts to LEED Platinum standard took 8 months from zero design to occupancy permit, a significant gain from the 12 to 15 months it would have taken without BIM and IPD.

Contact us if you’d like to know more about applying BIM and IPD to physical security systems design.

TRUSYS is excited to announce the move of their headquartrs facility to the Eastlake neighborhood of Seattle, Washington, USA.

Visit us at:

TRUSYS | True System Designers, Limited
1916 Eastlake Ave East
Seattle, WA 98102
(800) 905-6810

Courtesy of our friend Ray Bernard of RBCS, see a fascinating map of current geo-political and economic risks.  Ray shared this comment with us: “This map was passed along to me by George Campbell, author of Measures and Metrics in Corporate Security and Faculty Emeritus member of the Security Executive Council.  George said, “This one page offers an incredibly powerful overview of one source’s assessment of risk in 2010. It shows how a very complex map can be made to provide a mind boggling level of detail for a huge range of global risks.”

Warning… You may end up spending a few hours testing the various risks interconnections.