Evaluating a Security Purchase Before You Write the Check

Sept. 29, 2009
Issues to consider when upgrading video or access control systems

The type and extent of evaluating projects or equipment purchases prior to writing a check depends on the complexity and size of the security upgrade. The more complex the project or equipment purchase, the more effort that is needed to properly scope, design, select qualified vendors/suppliers and provide the needed contract documents to mitigate additional expenses. There are cases where the level of evaluation can be less intensive, but should still be thorough based on the size of the check. The larger the check, the more thorough the evaluation must be.
Like all decisions and evaluations in security, there are many aspects to consider. There is not one simple, easy-to-follow formula that will ensure a successful electronic security upgrade. Since this topic can cover every possible electronic security system function, I will look at situations that apply to the CCTV and access control electronic system functions to discuss the appropriate technical evaluations that should be considered before the check is written. The various situations will provide some concepts that can be applied to different electronic security purchases and projects.

CCTV System Upgrades
The first example involves an expansion of an existing CCTV system. In this example, we will assume that the existing system is:
1. Based on the technology we want to use when we expand; and
2. The basic front-end components are large enough to handle the expansion.
This purchase is primarily a large camera order, which is not overly complex, but will require a large check to be written.
We may be interested in a different camera from what is already being used and/or we may have other special issues that could include low-light outdoor applications, interior applications or applications where sunlight has a negative affect on using a CCTV camera. For example, a dock door facing east or west that causes sun glare when it is opened, or applications where the rising and/or setting sun causes glare problems.
No matter what the special issues are, there are some evaluation steps that can be taken to ensure the desired results before writing the check.
In this scenario, a different type or model camera might need to be purchased. Some of the basic evaluation issues would include the typical concerns for the desired CCTV applications, including lens, light level, technology, location, environmental issues and cost considerations.
Other than these typical considerations, an additional evaluation step should be taken — that is, the potential supplier should be asked to provide a sample of the actual camera that would be purchased so that it can be installed and tested in the location of concern. This enables the end-user to live with and totally understand, for a period of time, what their results will be when they purchase the additional cameras of the same type.
Obviously, the number of special-issue areas, different camera model numbers needed and any installation of loaned cameras from the supplier’s standpoint will depend on the size of the check. Most suppliers will be eager to help you with the needed camera or cameras (prior to purchase) based on the size of the project.

From Coax to IP
For the next example, let’s assume that we are changing CCTV technology from a hard-wired, coax camera system to an IP-based system. The same issues associated with cameras/lenses and any special issues still apply.
Some of the other issues to evaluate include:
1. Who can view which cameras?
2. Who provides the administration support, for the CCTV server, that is needed to define cameras, passwords and provide viewers access?
3. Will video be streaming or control by motion?
4. What is the impact on the IP network?
5. Does a private network need to be established for video?
6. Who manages and maintains the IP network?
7. How long is an acceptable down time for network and/or server maintenance?
IP camera systems are often considered to be part of the infrastructure and managed by the IT department. The concerns of the Security department need to be the speed of support, maintenance and availability of needed bandwidth. IT typically does not consider the security camera system to be mission-critical. This means that business-related repairs, and controlling viruses and worms are mission-critical. The IP camera system can and will be turned off if a virus appears to be coming from or retransmitted by the camera system. It can suffer repair delays if minor mission-critical issues arise.
There is also an issue of routine maintenance on the IP system that can appear when the IT department takes IT system servers, etc., down for maintenance. IT will also be concerned about the camera server hardware configuration; it’s operating system/capability/compatibility and being the system administrator of the CCTV server. All of these issues must be considered and resolved prior to writing the check.

Changing an Access Control System
In the next example, let’s consider changing the existing access control system to a different badge system technology. No matter which technology is chosen, it will require different badge readers. None of the card technologies are interchangeable with readers that use a different technology. Magnetic stripe is different from Weigand, which is different from proximity, which is different from smart card. Although proximity and smart card can both be RF-based, the frequencies are different; therefore, single technology readers are not necessarily interchangeable.
Multi-Technology Cards and Readers: Cards that are used for badges can be purchased with more than one technology and the badge readers can contain more than one technology to minimize costs. For example, if you already have a badge reader that is proximity and smart card, you can migrate from proximity to smart card with minimal effort, outside of the issuance of new cards.
These readers are fairly new, and to have them already in place would indicate an evaluation that was made some time ago, before the “check” was written; or the choice to use the dual-technology reader was simply luck. For this example, we will assume that the badge readers that exist are of a single technology. We could, however, use a dual-technology card for our badge and make the migration path to a new technology badge reader easier.
Reader Protocol: Another evaluation issue applies to the protocol used by the badge access control system. In some access control systems, the actual protocol for the readers can be defined in software. The card used for a badge contains a series of binary bits that can be clumped into different groupings that form a protocol. The protocol from one manufacturer to the next will be different. This means that the same badge will read differently from one reader manufacturer to the next.
In fact, there can be additional problems from one card/reader manufacturer to the next, even though they use the same technology. For example, a given manufacturer of smart cards and readers cannot properly read smart card employee credential numbers from a different manufacturer.
A smart card will provide a unique number from different manufacturers, but not the actual employee data stored on the card. All manufacturers can read a smart card’s serial number, but not the actual data on the card. This means that part of the evaluation process requires the selection of a card and compatible reader from a specific manufacturer. (The badge access control system from the reader back to the computer can be and typically is the vendor that the Security manager purchases the access control system through).
Again these issues must be understood, thoroughly worked through and resolved prior to writing the check.
Card Stock: Another evaluation consideration for a new card technology for employee badges includes the actual card stock used to make the badge. If the card stock is physically different from the existing card stock, as far as printing a security card/badge, then there can be additional cost to replace expensive badge printers that will work with the new card stock. Training on the new printer for the personnel making the badges can also be an expense that is overlooked.
The new desired technology often has several cards stock options to choose from to minimize the problem. These options can affect the existing printers and the cost of one card stock over another with the same technology can be very substantial in large companies. Sometimes a printable laminate overlay is used in the security printer to prevent purchasing new printers. The adhesive on the laminate allows the overlay to be applied to the new technology card without changing printers. This too, will affect the size of the check that is written.
Teaching Employees to Use the System: An area of consideration before writing the check applies to the card technology change and the employee’s use of the new system. It can seem obvious to security personnel how to use the new technology and the card technology change should not be a problem, but it can be. For example, when changing from a swipe type card, where contact with the reader is required, to an RF technology card, there can be problems. If the employees are using a swipe card (magnetic stripe or Weigand), training is needed when going to a proximity card. A proximity card is often a “touch and go” card. If there is a read range problem, there will be confusion as to what part of the card needs to touch or be in close proximity to the reader. The proper way of presenting the card to the reader can be a problem that causes employee frustration. The training does not have to be extensive. It could, for example, be addressed in the company newsletter.
Before changing out readers, part of the evaluation process should include the addition of a couple of readers for the Security department to use for some period of time before installing them in areas where the employees have to use the new readers to perform their job function.
Production and Distribution: A final area of consideration for changing a badge technology is the actual badge making and distribution process. There needs to be a new card distribution process that is part of the project plan. Employees may need to carry multiple cards to accommodate the different card reader technologies that exist during the migration process to a new technology; however, the dual-technology card used for making the badge as discussed earlier could minimize some of the potential problems of making a new single-technology badge during the reader conversion part of the project.
Nothing would be worse than changing out all the readers over a weekend and expecting the employees to use the new technology cold turkey on Monday morning. As Murphy’s Law would have it, every possible problem that could happen, would happen. The problems include the new technology cards not working, improperly defined employee credential numbers in the protocol and incorrect badge assignments in the database, card readers that were not functioning or poor read ranges and system configuration issues, just to mention a few.
The way the cards are manufactured and distributed can eliminate many of the potential problems.
We have looked at two subsystems of most electronic security systems applications and only a couple of types of projects. There are many additional projects and equipment purchases that are part of the Security department’s responsibility that you will need to evaluate before writing a check. An example of possible electronic system functions that can be part of the evaluation would include; alarm systems, fire systems, intercom systems and energy management systems.
The more functions that are part of the electronic security system, the more complex the total system solution and the larger the system will be. It is critical that every evaluation step be taken to ensure the best possible results before the check is written.

Robert Pearson holds a BSEE and is a Registered Professional Engineer. He has been an instructor at George Washington University teaching “Integrated Security Systems” and “Corporate Security Management,” has written numerous articles for various technical magazines and has recently published a book, “Electronic Security Systems.” On a day-to-day basis he oversees design, project management, and maintenance of security systems for multiple sites. Mr. Pearson is a member of the A/E National Standing Council for ASIS International.