Editor's Note: Once again, thanks to everyone who submitted entries to our first annual Security Innovation Award contest. Every entry showcased an innovative solution to a difficult security problem. But our expert panel of judges could choose only one winning project. This year's winner: Georgia Power Company of Atlanta , GA. We'll be recognizing this winning project and presenting the award at a special event at the ASIS International Annual Seminar & Exhibits in San Diego, on Tuesday, September 26, at 3:30 pm in booth 1029. Please join us there to congratulate your peers.
Hundreds of facilities secured with dozens of different access control products. Systems installed by multiple integrators and contractors, with no common implementation standard. Business units and departments independently assessing and implementing solutions with little regard for other business units. Combine those issues with a large employee population frequently traversing multiple locations, and credential information manually entered one person at a time, in every separate system, and you'll have exactly what the corporate security department at Georgia Power Company faced.
Long-standing and disparate systems and procurement procedures combined with the challenge of meeting increasing regulations and legislation thrust Georgia Power, a Southern Company, into an environment that necessitated company-wide solutions that could provide a demonstrable and consistent audit trail.
Finding the Right People
The corporate security department established an advisory team representing line business units and staff departments to ensure they would reach a comprehensive solution, layered to accomplish the security goals of all of the parties. The advisory team, made up of representatives of corporate security, IT, power generation, power transmission, power distribution, and customer service, initiated the project with a study of the existing security program, but determined that it did not have the in-house expertise to spearhead such an undertaking.
Instead they turned to SecuraComm Consulting Inc. of Pittsburgh , PA , an independent security consulting and engineering firm practiced in program analysis and development, with extensive experience in system design and configuration. Together they created a plan to provide a complete study by year's end.
Realizing the diversity of the Georgia Power Company and the enormity of the project, the study team separated its tasks into three elements: analyzing the existing systems, infrastructure, and programs and recommending an appropriate solution; researching and identifying potential manufacturer partners; and identifying potential integrator partners.
At the recommendation of the advisory team, members of the corporate security department and SecuraComm surveyed representative facilities throughout the state and interviewed key staff members including facilities, IT, site and department managers, directors and executives. The review brought to light several essential requirements. A single access control manufacturer should be selected. The access control systems should share information if more than one system is required. The system should incorporate advanced IT functionality. Data entry should be reduced to as few locations as possible and integrated with existing database resources. And the system should be fail safe and disaster proof.
Finding the Right Products
Concurrent with the surveys, the team began to identify potential access control manufacturer partners that would be able to support the requirements. They issued a Request for Information (RFI) to four manufacturers, with two major objectives: (1) to identify the breadth and depth of each manufacturer's vendor partner support infrastructure and (2) to research their respective product offerings.
Georgia Power requested the manufacturers provide a list of vendor partners and detailed information regarding vendor training, certification, and capacity. This information was used immediately to begin a review of the various vendor partners, as well as to add weight to each manufacturer's response to the entire RFI.
The RFI's second component requested the manufacturers present their products' network, functional, and operational characteristics and identify key elements that separated it from the rest of the pack. A team of subject matter experts reviewed the responses in a blind analysis. Scores and rankings were compiled using several statistical methods, and interviews were held. Results of the interviews were added to the original scores, and a manufacturer partner, Software House, was selected.
With a manufacturer partner selected, the corporate security team focused attention on the Software House vendor partners, determining that a Software House Enterprise Partner would be required to implement this large a system. Of the many integrators available in Georgia , two surfaced that had a sufficient number of Software House trained and certified technicians.
After a thorough analysis of the potential integrators' offerings, Georgia Power selected Tech Systems Inc. of Duluth , GA , to lead the initial product launch.
A Tight Turnaround
Knowing that Georgia Power Company President Mike Garrett was keenly interested in enhancing the security posture of the company, Corporate Security Manager Margaret Levine actively engaged with him about the technological solutions that would achieve the desired results. Eager to embark, Garrett released more than $3 million on November 6, 2004 to launch a company-wide project.
His mandate to corporate security: Replace a 200-reader access control system at six key facilities with a single, hot fail-over head-end system; implement video integration, central station monitoring, enterprise level database sharing and human resources database connectivity; import more than 25,000 card holders; stockpile hundreds of controllers and power supplies, thousands of smart card readers, PIRs, position sensors, door release buttons, and alarm sounders; procure tens of thousands of smart cards. Oh, and complete the project, including operator and administrator training, by December 31, just eight weeks away … with three holidays in the mix.
A Team Effort
Members of the new team organized immediately. Georgia Power Corporate Security, SecuraComm, Tech Systems, and Software House assembled operating teams and combined key representatives into a central project team.
Corporate Security provided central leadership, and its corporate facilities group pitched in a project management team; Southern Company Services IT provided a mechanism to quickly test and approve new products introduced to the company network; SecuraComm provided a team of consultants, system designers, and draftsmen; Tech Systems built a team that included company executives, operations managers, project managers, engineers, account managers, technicians, and a substantial installation labor force; and Software House provided sales and technical support personnel. Smart card and card reader manufacturer Indala was added to the team as well, to support a migration to higher-security credential technology.
Each team member identified needs in their areas of expertise. Corporate Security, SecuraComm, and Georgia Power Supply Chain Management developed a contract and purchase order. Corporate security and corporate facilities established performance requirements and timetables, secured access to installation sites, and provided supplemental security manpower during transition times. SecuraComm provided the overall theory of operation, laid out base system configurations, and identified product standards and quantities. Tech Systems and Software House identified system software requirements and negotiated equipment values to expand Georgia Power's purchasing capabilities. SecuraComm and Tech Systems established installation standards, and Tech Systems surveyed and engineered the replacement systems for the six core facilities and deployed advance teams to prepare for the installation. Software House also coordinated with partner Indala to provide premium pricing for more than 1,200 smart card readers and 15,000 smart cards—readers and cards that would be programmed with secure codes and keys—all while Indala manufacturing had already stopped production for the year to retool for new product introductions.
Dozens of installation personnel; a Tech Systems project team that included all sectors of the company; full-time, on-site coordination from SecuraComm; continuous product shipments from Software House and other product vendors; and unparalleled support from Georgia Power combined for a truly all-out team effort. For this project to be successful, nothing less would suffice.
Installing the System
Over three weeks, the new Software House C•CURE® system components were installed adjacent to existing system controls, setting the stage for a full system cut-over. Required to maintain security at all affected facilities, a 17-person Tech Systems cut-over team from offices in Georgia, North Carolina, and Tennessee converged to convert the entire system to the new C•CURE® system, with all components operational, in one 16-hour work day. Team success was realized, as the entire project was completed in seven weeks, one week before the deadline.
The inaugural implementation realized, the Georgia Power Corporate Office issued new smart credentials to all employees and contractors, and Tech Systems replaced every proximity card reader. New C•CURE® systems were installed at power-generating plants, at Southern Company's new Atlanta headquarters, and at facilities throughout the state. Independent systems were installed at the power-generating plants to remain compliant with OSHA requirements for full accountability of all persons on the site, and to accommodate each plant's physical security program requirements. Each system was programmed to synchronize with the main security management system, and central monitoring technology was implemented to permit off-site concurrent and secondary event monitoring.
Keeping with Mike Garrett's goal of being equipped for future security technology advancements, Georgia Power implemented an enterprise-level database-sharing program using Software House's C•CURE® Central. C•CURE® Central will upload real-time database additions, changes, and deletions from independent C•CURE® systems to an SQL database, where the data will be merged and downloaded back to each respective system.
To accommodate one of the initial study's goals to reduce data entry points, a team of Southern Company Services IT, GPC Corporate Security, SecuraComm, Tech Systems, and Software House representatives implemented a plan to integrate the data merging capabilities of C•CURE® Central with Southern Company Services human resources and IT technologies. Expanding the capabilities of a Southern Company-developed program designed to initiate and confirm permissions for IT access rights, an XML interface was developed that pushes record changes to C•CURE® Central for dissemination to each C•CURE® system.
As the central repository for all access and event monitoring data, the security management system has been further enhanced with the addition of STOPware Inc.'s PassagePoint Enterprise Visitor Management System and Alvarado Supervisor 2000 Optical Turnstiles at the Georgia Power Corporate Headquarters. Optical turnstiles grant entry to smart card credentialed personnel and to visitors issued bar coded badges. The strategically located turnstiles control building entry and ensure full accountability of all persons in an emergency.
C•CURE® NetVue integrated video monitoring “tags” Integral Technology DS Xpress recorded video streams with access control and alarm monitoring events, allowing pre-, post-, and event video to be accessed and managed via the security management system.
Innovation at Its Best
Innovation is defined as improvement, modernization, novelty, and originality. The continuing security implementation project at Georgia Power demonstrates each of these qualities in planning, equipment, implementation, and teamwork. Flexible, expandable, future proofed, and forward thinking, the Georgia Power security management system clearly represents innovation at its best.