Here are some common IT project elements and what they can relate to for security technology deployments:
- High-level business requirements: short and long term strategies, future concept of operations (CONOPS in the military), regulatory compliance fall into this category
- Business case: the business case captures the risk mitigation aspects, as well as TCO (total cost of ownership) for the technology, and the hard and soft ROI for the technology investment
- Functional requirements: these are requirements relating to security operations functions such as specific reports needed, interaction between access control and video systems, performance requirements (such as turnstile throughput, full duplex rather than half-duplex intercoms, access control elevator button activation time), as well as DR/HA requirements
- Technology requirements: these include industry standards, corporate standards, support for legacy devices, integration and interoperability requirements, expected product life cycle, as well as system and application architecture
- Network requirements: Quality of Service (QoS), subnetworks, VPNs, Virtual LANs, Power over Ethernet (PoE), and bandwidth requirements are in this category
- Security requirements: as critical systems, there are physical and logical access requirements as well as computer and network security requirements; usually there are corporate information security policies and standards that apply
- Deployment staging: will a staging platform be required to test the initial deployment and upgrades before they are put into production use?
- Testing: proof of concept, initial acceptance (readiness for deployment), operational acceptance (30-day ongoing test), and ongoing testing often apply
- Risk assessment: what are the risks to the IT infrastructure posed by currently installed technology and candidate technology being considered?
If IT is providing support, then there may be two service level agreements (SLAs): one with the security systems integrator and one with IT.
Most successful collaborations with IT begin in exploratory mode, and then become oriented around specific needs or projects. For small projects, see if there is an "IT Lite" mode that can be applied or developed. IT can offer a wealth of resources, some at no cost and some for less than it would cost for an outside firm or systems integrator to provide. When IT becomes Security's force multiplier, a few people in Security can in effect accomplish the work of many, and to an appropriately high standard.
If you have convergence experience you want to share, e-mail your comments to me at ConvergenceQA@go-rbcs.com or call me at 949-831-6788. If you have a question you would like answered, I'd like to see it. We don't need to reveal your name or company name in the column. I look forward to hearing from you!
Ray Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services. Mr. Bernard has also provided pivotal strategic and technical advice in the security and building automation industries for more than 23 years. He is founder and publisher of The Security Minute 60-second newsletter (www.TheSecurityMinute.com). For more information about Ray Bernard and RBCS go to www.go-rbcs.com or call 949-831-6788. Mr. Bernard is also a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).