Tech Trends: Deep Dive on The SAFETY Act

Aug. 16, 2019
A closer look at the Department of Homeland Security certification and its benefits

In recent years, more and more security technology providers have worked towards obtaining SAFETY Act Certification; however, there is still confusion as to what the certification signifies and how it provides value to security designers and end-users. Many ask whether it should be used to differentiate one manufacturer, or even one service provider, from another.

Let’s take a closer look at the impact of the SAFETY Act on the security ecosystem. For more information about SAFETY Act-approved technologies and application requirements, visit www.safetyact.org.

The Overview

SAFETY stands for Support Anti-Terrorism by Fostering Effective Technologies. The Act was adopted as part of the Congressional Homeland Security Act of 2002 in response to 9/11.

At its most basic level, the SAFETY Act provides legal protections for the manufacturers and end-users of qualified anti-terrorism technologies or services that could theoretically be used to help save lives in the event of a terrorist act. In effect, the SAFETY Act is one of the few tools the government has at its disposal to help encourage the development and implementation of security technologies in the private sector.

As the private sector still owns and maintains a great deal of critical infrastructure, landmarks and large public gathering places in the United States, the SAFETY Act is intended as a way to prompt additional security for these facilities without the difficulty or backlash of federal mandates. In terms of scale, according to DHS, there are more than 1,000 anti-terrorism technologies currently approved under the Act.

There are two levels of SAFETY Act protection available through the Department of Homeland Security, each of which is awarded in five-year increments:

1. Designation: Sellers of technologies that obtain “Designation” status with DHS receive a limit on third-party liability, set at an approved level of insurance. If a terrorist act occurs and a lawsuit is brought against the seller, that suit can only be brought in federal court, and punitive damages and prejudgment interests are barred.

A form of Designation is also available to technologies that are currently being developed and tested, known as Developmental Testing and Evaluation (DT&E) Designation. It is intended to protect the development of those new technologies by granting protections similar to those for fully developed products. DT&E Designation is particularly useful for systems in beta testing, where the cost of liability insurance could reach the point of being prohibitive.

2. Certification: Certified technologies get all of the benefits of Designation, with the added benefit of immunization from liability through the Federal Government Contractor Defense. This legal defense can effectively immunize the contractor/technology provider from liability in state or federal actions, where a plaintiff might allege that a defective product caused harm or injury in a terrorist event.

NextGen Security, the 2017 top-ranked company in this magazine’s Fast50, is an example of a contractor that achieved the SAFETY Act certification. “It took two years of time, money and hours to accomplish it, but it really set us apart from everyone,” company president Ryan Loughin said in the 2017 NextGen profile. “We are covered cradle to grave for all the services we provide, and you would be hard-pressed to find another integrator in the country with that broad of a designation under DHS.”

While court examples where SAFETY Act protection has been cited are limited, certification status has certainly been responsible for insurance premium reductions.

It is important to note that SAFETY Act Certification is not just for products and technologies. In recent years, more and more end-users have applied for and received SAFETY Act certification for specific facilities and venues. This would extend SAFETY Act protections to the end-users of those facilities in the event of a terrorist act.

Example organizations with Certification status include the World Trade Center in New York, Madison Square Garden, Little Caesars Arena in Detroit, and the Cleveland Browns Stadium. As part of the application process, these facilities must submit a Threat and Risk Assessment that validates the physical security and security technology measures implemented.

Editor’s Note: Read more about how Little Caesars Arena achieved certification status in our December 2018 cover story, “Security Project of the Year: Little Caesars Arena” at www.securityinfowatch.com/12437827.

This is one way that professional security consultants have helped distance themselves from the “security system designer” crowd – certification as a facility or venue is not a simple process, and a certain level of knowledge and experience is required to develop the justification needed for security design decisions.

The Benefits

Is SAFETY Act Certification a viable way to differentiate products in the marketplace? My opinion is that it depends. There are a lot of great technologies out there from major, trusted manufacturers that are not certified, and I have not yet seen any projects with a requirement for certified-only products. Where the better value may lie is in newer technologies and companies. For a product to be certified, it needs to be tested and proven to be effective. Status with DHS may help separate the truly viable and useful products in the marketplace from those that may only exist in catchy sales literature.

As a designer, a SAFETY Act badge would certainly give me a certain level of comfort when considering a newer technology or company. For startups, it is worth considering, as a liability suit from a terrorist attack, while rare, may be a company-ending event.

The SAFETY Act may provide future benefits as we contend with the ever-increasing threat of cyber-attacks. As the SAFETY Act applies to cybersecurity technologies as well, protection from a cyber liability lawsuit may be a very useful tool for manufacturers and programmers looking to develop the next evolution of cybersecurity products.

Brian Coulombe is Principal and Director of Operations at DVS, a division of Ross & Baruzzini. He can be reached through LinkedIn at www.linkedin.com/in/brian-coulombe, or on Twitter @DVS_RB.