Chapter 4 Physical Protection Systems and Project Management Flashcards
Key Points 1
Physical security focuses on the protection of people, property, and information.
Key Points 2
An integrated PPS incorporates three major elements: 1) architectural elements, 2) operational elements, and 3) security system elements (technology).
Key Points 3
The core PPS elements can be further classified into three types of measures: 1) preventative measures, 2) corrective measures, and 3) detective measures.
Key Points 4
There are six phases involved in PPS implementation. They are: 1) planning, 2) design and estimation, 3) procurement, 4) installation and operation, 5) training, testing, and warranty, and 6) maintenance, evaluation, and replacement. Each phase must be completed in chronological order.
Key Points 5
The planning phase is the first step in implementation of a PPS and it is the most important phase in the entire process.
Key Points 6
The first task in planning is to choose the project team with representation from all stakeholders.
Key Points 7
ROI is a calculation using quantitative formulas to determine the amount of revenue generated by efficiency, or the potential loss reductions (savings) in dollars
Key Points 8
One major output during the planning stage is the requirements document, which identifies the primary reasons for implementing/upgrading the security measure.
Key Points 9
Technology can be used as a force multiplier to complement procedures and provide balance and checks, but employees are the greatest resource when it comes to a security program.
Key Points 10
The outputs during the design phase are referred to as the bid package or construction documents, which include: 1) bidders instructions, 2) design specifications, 3) drawings and schedules, and 4) hardware schedules.
Key Points 11
A successful design incorporates 1) architectural aspects, 2) security systems and 3) operational aspects. The most significant factor, when it comes to security design, is the architectural aspect.
Key Points 12
Riser diagrams are representations of complete subsystems that are very important because they illustrate the layout of all devices and their relationship with one another.
Key Points 13
Prevention, control, and recovery should be considered when designing a system.
Key Points 14
There are three elements in a model specification that document: 1) general, 2) product, and 3) execution.
Key Points 15
Surety bonds are guarantees to live up to contractual requirements. There are four types; 1) bid bonds, 2) payment bonds, 3) performance bonds, and 4) ancillary bonds.
Key Points 16
There are three types of estimates: 1) budgetary estimates, 2) preliminary design estimates, and 3) final design estimates.
Key Points 17
Life cycle cost includes data and engineering, installation, operating, taxes, bonding, and contingency. Maintenance costs are also to be included into the life cycle cost calculation.
Key Points 18
There are three main types of procurement methodologies: 1) sole source, 2) request for proposal (RFP), and 3) invitation to bid (IFB).
Key Points 19
The bidder’s conference should be two-four hours in length and should allow all project bidders to see the site, assess design requirements, and ask questions. This will create efficiency in the bidding process.
Key Points 20
The local Authority Having Jurisdiction (AHJ) typically approves the installation after a detailed inspection of the work being performed.
Key Points 21
Training should be completed 30 days prior to site acceptance testing and should include all facets of subsystems, components, and software. A second training session should be held seven days prior to site acceptance testing.
Key Points 22
Commissioning of the system is the process of ensuring that all systems are designed, installed, tested, and operated according to the operational requirements of the customer.
Key Points 23
At the end of the project, after all deliverables have been met, and the project completion certification signed, the warranty period should begin. A warranty should be 12 months to 24 months (12 months is typical) from the date of final implementation.
Key Points 24
The single-maintainer philosophy should be used (one company to service the equipment) to avoid multiple vendors blaming each other over the issues that may be encountered.
Key Points 25
There are two main types of maintenance agreements: 1) remedial agreements, and 2) preventative maintenance agreements.
Key Points 26
Service response times of two to four hours with an immediate call from a technician are more common in the industry. A high-support level for service is expensive when compared to lower level support.
Key Points 27
A project is a temporary process used to complete a specific program where the deliverable is based upon a timely completion, within the assigned budget.
Key Points 28
Project management is the mixture of people, systems, and processes all working together to achieve a successful completion of the project.
Key Points 29
Three elements that must be managed properly to achieve a successful project are: 1) planning, 2) coordinating, and 3) controlling.
Key Points 30
Other constraints that a project manager must manage and balance to bring the project to successful completion are: 1) scope, 2) cost (budget), and 3) schedule (time).
Key Points 31
A project manager should possess several key skills: 1) general management, 2) leadership, 3) supervising, 4) team building, 5) written communication, and 6) verbal communication.
Key Points 32
There are three main tools that the project manager uses: 1) training, 2) software, and 3) determination.
Key Points 33
The four basic stages of a project are: 1) project feasibility, 2) project development, 3) project execution, and 4) project closeout.
Key Points 34
Work Breakdown Structure (WBS) defines the activities for the project life cycle and captures all portions of the work. It includes all deliverables and life cycle phases.
Key Points 35
The Change Review Board (CRB) acts as a clearinghouse for project changes. The CRB provides formal evaluation of requests, assessments of feasibility, and notification of all necessary parties.
Key Points 36
Small changes in a project’s scope (scope creep) can lead to bigger problems down the road. It is important to: 1) balance controls, 2) revisit the scope definition and 3) develop change requests.
Key Points 37
The project manager wants to prevent management from losing interest in the project or borrowing needed resources for another project. Some ways to avoid these pitfalls are by revalidating sponsorship of the project and improving the communications of successes.
Key Points 38
Steps to improve enthusiasm among team members are to 1) reinforce the project objectives and support, 2) observe leadership style, 3) assess the team selected, and 4) reinforce coordination of activities.
Key Points 39
A project should not be closed-out until 100 percent of the project has been completed. Once the project is closed-out, the final step in the project is to disband the project team.
Physical Protection Systems (PPS)
systems that combine people, equipment, and procedures to protect against the theft, destruction, malicious use, and sabotage of assets
An integrated PPS incorporates three major elements:
- Architectural elements are site layout, barriers, locks, lighting, space design, etc.
- Operational elements are staffing, policies and procedures, emergency response, etc.
- Security system elements are access control systems, surveillance equipment, intrusion detection systems, etc.
PPS elements can be further classified into three types of measures:
Preventative Measures
Corrective Measures
Detective Measures
Preventative Measures
These measures are designed to reduce, deter, or deny the effects of an attack. Examples include barriers, locks, CCTV systems, security policy, and site procedures.
Corrective Measures
These are measures that provide the most efficient response to an attack. The goal with a corrective response is to neutralize the attack and restore the operation back to normal.
Detective Measures
These measures should detect and assess attacks and should include CCTV systems, intrusion detection systems, communications, and investigations. Typically, detection measures will initiate a corrective response or other preventative security countermeasures.
Five Steps to Ensure Properly Installed System
Assess and plan Create a conceptual design solution Complete any construction documentation Build the system and negotiate Install the system, test it, and turn over if necessary
Six Phases during the PPS life cycle:
- Planning
- Design and estimation
- Procurement
- nstallation, operation, and training
- Commissioning and warranty
- Maintenance, evaluation, and replacement
Bidders’ Instructions
Outlines the bidders’ qualifications for the job such as licensing, certificates, and experience.
Planning Phase Objectives
PPS objectives PPS measures and mitigation effectiveness Requirements document Operations justification Economic justification Preliminary budgetary estimate Preliminary schedule
Document Critical Success Factor’s(CSF)
- Ensure that selected solutions will mitigate specific vulnerabilities.
- Provide a cost-benefit for each solution.
- Identify people, equipment, and procedures required for each selected solution.
- Provide the foundation for a complete specification that will be used to procure and implement the solutions.
Phase one planning deliverables include:
Risk assessment report Procurement method to be used Budgetary estimate of the overall cost of the measure Project manager selection Project team selection Design criteria Contracting and legal requirements
PPS implementation phase two - design and estimating
This involves documenting the entire process to better support the procurement of equipment and services. It includes the bidder’s instructions, contact information, specifications, statement of work, drawings, and equipment schedules. In addition, it will include budgetary estimates, preliminary design estimates, final design estimates, and life cycle costs.
Phase Two Specifications
A successful design incorporates 1) architectural aspects, 2) security systems and 3) operational aspects. The most significant factor, when it comes to security design, is the architectural aspect.
Plan Drawings
Plan drawings show a top-down, map like view of the area indicating the location of security devices.
Elevation Drawings
Elevation drawings are views of vertical surface drawings and illustrate mounting heights of devices (wall mounted devices).
Detail Drawings
Detail drawings explain elements of the system in more detail such as mounting specifications and cable terminations.
Riser Diagrams
Riser diagrams are representations of complete subsystems that are very important because they illustrate the layout of all devices and their relationship with one another.
Hardware Schedules
Hardware schedules are tables of related security devices that include information about doors, data, and CCTV. Specifically, these schedules list the location of all panels, cameras, and other devices such as card readers.
Three elements in a model specification:
General -Authority and responsibilities, a summary, objectives, specifications, interfaces and codes/regulations, customer supplied materials, bonds and insurance, and warranty and maintenance
Product -Equipment lists, type of equipment, specifications to be met
Execution -Site preparation, quality controls, coordination, special equipment, testing and commissioning, as-built drawings, training, programming, and upgrades
PPS implementation phase three – procurement
Procurement is the third phase of the PPS cycle that usually begins when it is determined that a new security system is needed. The formation of a procurement committee is the next step
Three major types of procurement methods:
Request for Proposal (RFP)
Invitation for Bids (IFB)
Sole Sourcing (SS)
Invitation for Bids (IFB)
In an IFB, which is also often referred to as a Request for Quotation (RFQ), the organization offers its own PPS design and is seeking the lowest price on materials and installation. Unlike the latter two procurement methods, an IFB procurement process provides the supplier with documents detailing a specific system to bid on. The vendor responds with only the product and installation costs. For an IFB to be successful, the customer must have its own PPS system designs produced internally. Advantages to using this method are short time frames for completion and a more simplified process. But, unfortunately, the tradeoff for a more simplified process is an increase in upfront costs for the organization. Typically, the qualified bidder with the lowest pricing will receive the contract award using the IFB method.
RFP
The most costly and time-consuming procurement method is an RFP. Agencies of the U.S. government were among the first organizations to use the RFP process. The RFP method usually will offer the best price, quality, experience, and scheduling. In an RFP process the customer, not the vendor, provides specific requirements of the systems. Then, chosen vendors provide a proposal based on that information. The most common elements found in the vendors’ proposal are a detailed document with clear instructions about the various systems, installation methods, and cost breakdowns. If an RFP is 20 to 30 pages in length, then it is anticipated that the responding vendors will send a 40- to 60-page proposal. While this procurement seems to be the fairest strategy it is the most time consuming—often taking 18 to 24 months to develop—and very costly to administer.
Sole Source(SS)
Sole source bidding usually requires the integrator to be knowledgeable about the needs, system, and prices associated with the project. Sole source procurement is when one chooses to use only one vendor. These projects are not put out to bid, but rather awarded based upon the integrators knowledge about the various systems and their respective requirements. Sole sourcing is typically used for smaller projects and upgrades to existing systems. There are advantages and disadvantages to using this procurement method. Benefits include short timelines for project completion and simple plans. The disadvantages are increased regulation and difficulty in gaining approval. Many companies have policies that regulate sole source bidding based upon dollar value limitations.
PPS implementation phase four - installation, operation and training
Phase Four consists of site preparation, installation of the system and subsystems, and accepting and commissioning the system. This phase also includes training on the operation for everyone who is involved in operating or maintaining the system as well as training the applicable people on the systems.
Possible Issues with Training
Quality of training staff Time schedules Personnel involved Location of site Training costs Follow-up capability
Deliverables from Phase Four
Training syllabus and manuals Agendas, schedules, and class evaluations As-built drawings Operating procedures System documents (narrative description of the components, expansion capabilities, ancillary functions, limitations, routine maintenance requirements, instructions for testing the system, and a service directory) Response procedures All testing results Punch list Project completion certificate
PPS implementation phase five - commissioning and warranty
Commissioning of the system is the process of ensuring that all systems are designed, installed, tested, and operated according to the operational requirements of the customer. A Commissioning Plan details how the organization wants the system installed and commissioned. It may also state how to upgrade the system at the end-of-life cycle for the equipment.
Phase Five Tests
Pre-delivery or Factory Acceptance Testing(FAT)
Site Acceptance Testing(SAT)
Operational Reliability Test(OAT) or Avalibility Test
Post-Implementation Test
Pre-delivery or Factory Acceptance Testing(FAT)
Factory acceptance testing falls to the vendor or manufacturer, who is responsible for testing components and the integrated system prior to installation. Such testing can reduce the amount of installation time while onsite and should reduce the potential for non-operable components being shipped for installation.
Site Acceptance Testing(SAT)
Site acceptance testing is completed after installation and usually approximately two weeks prior to turnover. Each subsystem is tested as well as the entire system to ensure all performance criteria and functional system requirements have been met.
Operational Reliability Test(OAT) or Avalibility Test
Phase I testing is 24 hours a day for 15 days, no repairs are made unless authorized by the customer, and requires written permission to proceed to Phase II testing. Phase II testing is 24 hours a day for 15 days and no repairs should be made unless authorized by the customer. All tests can be restarted by the customer if any part of the system fails during testing. The contractor should provide one contact person to be available 24 hours a day, 7 days a week during both testing phases.
Post-Implementation Test
Post-implementation tests are completed after the implementation. They include:
Operational tests Performance tests Post-maintenance tests Limited scope tests Subsystem tests Evaluation tests
PPS implementation phase six - maintenance, evaluation and replacement
The final phase in implementation is the Maintenance, Evaluation, and Replacement Phase. This phase involves preventative and remedial maintenance, documenting service records, spare part requirements, and the analysis of equipment replacement.
Phase Six Deliverables
Troubleshooting guides and reports Maintenance procedures and records Upgrades Operating costs Replacement studies
