2006 Security Innovation Award Winner: Georgia Power Company

An enterprise-wide system in eight weeks means teamwork and innovation at their best

Editor's Note: Once again, thanks to everyone who submitted entries to our first annual Security Innovation Award contest. Every entry showcased an innovative solution to a difficult security problem. But our expert panel of judges could choose only one winning project. This year's winner: Georgia Power Company of Atlanta , GA. We'll be recognizing this winning project and presenting the award at a special event at the ASIS International Annual Seminar & Exhibits in San Diego, on Tuesday, September 26, at 3:30 pm in booth 1029. Please join us there to congratulate your peers.

Hundreds of facilities secured with dozens of different access control products. Systems installed by multiple integrators and contractors, with no common implementation standard. Business units and departments independently assessing and implementing solutions with little regard for other business units. Combine those issues with a large employee population frequently traversing multiple locations, and credential information manually entered one person at a time, in every separate system, and you'll have exactly what the corporate security department at Georgia Power Company faced.

Long-standing and disparate systems and procurement procedures combined with the challenge of meeting increasing regulations and legislation thrust Georgia Power, a Southern Company, into an environment that necessitated company-wide solutions that could provide a demonstrable and consistent audit trail.

Finding the Right People

The corporate security department established an advisory team representing line business units and staff departments to ensure they would reach a comprehensive solution, layered to accomplish the security goals of all of the parties. The advisory team, made up of representatives of corporate security, IT, power generation, power transmission, power distribution, and customer service, initiated the project with a study of the existing security program, but determined that it did not have the in-house expertise to spearhead such an undertaking.

Instead they turned to SecuraComm Consulting Inc. of Pittsburgh , PA , an independent security consulting and engineering firm practiced in program analysis and development, with extensive experience in system design and configuration. Together they created a plan to provide a complete study by year's end.

Realizing the diversity of the Georgia Power Company and the enormity of the project, the study team separated its tasks into three elements: analyzing the existing systems, infrastructure, and programs and recommending an appropriate solution; researching and identifying potential manufacturer partners; and identifying potential integrator partners.

At the recommendation of the advisory team, members of the corporate security department and SecuraComm surveyed representative facilities throughout the state and interviewed key staff members including facilities, IT, site and department managers, directors and executives. The review brought to light several essential requirements. A single access control manufacturer should be selected. The access control systems should share information if more than one system is required. The system should incorporate advanced IT functionality. Data entry should be reduced to as few locations as possible and integrated with existing database resources. And the system should be fail safe and disaster proof.

Finding the Right Products

Concurrent with the surveys, the team began to identify potential access control manufacturer partners that would be able to support the requirements. They issued a Request for Information (RFI) to four manufacturers, with two major objectives: (1) to identify the breadth and depth of each manufacturer's vendor partner support infrastructure and (2) to research their respective product offerings.

This content continues onto the next page...