Security seals the deal.
Security is often thought of only as an overhead cost, a necessary investment that doesn't contribute to the bottom line. That perception can change quickly, however, when a major customer makes a multimillion dollar contract award contingent on specific improvements in security. QTRON Inc., of San Diego, a manufacturer of electronics, faced exactly that situation in April 1995 when a potential client, Irdeto, made a $6 million-plus contract award contingent on significant changes in QTRON's security program. Irdeto, a Netherlands and South Africa-based international provider of encryption technology and integrated software, was seeking a contract manufacturer to assemble its set-top decoder boxes, which are used in Pay-TV operations. Among other things, Irdeto looked closely at each manufacturer's production capacity, quality control procedures, corporate stability, material control, tracking systems, and cost-effective pricing.
Irdeto selected QTRON as the most appropriate choice from a business standpoint. However, an in-depth security audit conducted by Harm Oosten, Irdeto's security manager, identified several changes that would have to be made by QTRON for the award to go forward. Rather than dispute the audit's findings, QTRON management decided to accept the situation as an opportunity to upgrade security and turn it into a competitive advantage, not just for the Irdeto business but for future contract proposals as well.
In addition to the general objectives of any security program, such as maintaining a safe workplace and deterring theft, security managers in the contract manufacturing side of the electronics industry must safeguard high-value, highly marketable raw semiconductor components, protect proprietary designs and programs belonging to contract customers along with customer supplied inventory items, and ensure that scarce parts remain available to meet shipment commitments. Small-size, high-value, highly marketable electronics components, such as microprocessors and single in-line memory modules (SIMMs), are especially vulnerable to theft. Microprocessors are worth as much as $500 to $1,000 each, and SIMMs, used in large quantities, can cost over $100 per module. According to the American Electronics Association, the electronics industry nationwide loses an estimated $8 billion each year in chip thefts ranging from employee pilferage to armed robberies.
Underscoring the need for increased security is the alarming increase in armed robberies of electronics manufacturing firms in recent years. The record for a single theft so far was the May 1995 armed robbery of Centon Electronics in Irvine, California, where $12 million in computer chips and circuit boards was stolen by a group of ten armed robbers. At least fifty armed robberies involving more than $52 million in computer chips were reported last year in California's Santa Clara County alone. The trend has extended to Los Angeles, Orange, and San Diego counties, where QTRON is located. In December 1995, a warehousing facility less than five miles from QTRON was robbed of $2 million in computer chips by three assailants armed with handguns and assault rifles.
Not only has the rise of armed robberies increased the dollar losses to electronics manufacturers, it has injected a severe threat to employee safety into the security equation. The gangs that carry out electronics robberies have become adept at hitting quickly and using the threat of violence to surprise and intimidate the unprepared employees of the target firm. But gangs may only be half the problem. According to an article in the Los Angeles Times (February 23, 1996), electronics industry thefts may often involve company employees, contractors, or suppliers.
In light of the increasing threat trends throughout the industry, QTRON management decided to use the Irdeto security audit as an impetus for completely overhauling the company's existing security program. The specific Irdeto requirements focused on two major needs: improving access control to the facilities and monitoring the movements of authorized and unauthorized persons, and improving the control of materials movements for high-risk or customer-owned components. In addition to addressing Irdeto's requirements, QTRON wanted to improve the management structure for the security program and increase the sense of security for all employees.
Dedicated management.
Like many fast-growing companies in dynamic markets, QTRON focused most of its early organizational resources on the most mission-critical aspects of operation, such as production management, quality control, and market development. As a result, overhead functions such as security were assigned to personnel as secondary responsibilities. Following that philosophy, the company's security was handled early on by the director of human resources.
In response to the Irdeto audit, and also to bring professional management and full-time focus to the security program, QTRON created and filled the position of security manager. The job required someone with extensive experience in plant protection activities, access control technologies, and locksmithing. The security manager would also be expected to have loss prevention and managerial skills, interpersonal abilities, and general computer knowledge. The company also looked for a candidate who demonstrated dedication to security as a profession, such as active membership in the American Society for Industrial Security (ASIS). Management was looking for a candidate with the commitment to work long hours and to be on-call twenty-four hours a day in some cases.
To meet Irdeto's aggressive time frame - they had given QTRON only ninety days to implement the required security changes - the actions listed below were initiated by existing management and taken over by the new security manager once hired.
Access control.
One major concern noted in the Irdeto security audit was the need for tighter access control throughout QTRON's two facilities. With the company growing rapidly and developing close working relationships with key vendors, the number of new faces with legitimate business in the facilities had quickly grown beyond the point where everyone could easily identify unauthorized strangers.
The company's main facility is in a two-story building in the midst of an industrial complex. The first floor (about 20,000 square feet) is the production area. Half of this space has an open atrium-style high ceiling that goes to the building's roof. The other half has a regular ceiling above which second floor offices are built with large glass windows to overlook the production area below. On the production floor, the process is semi-automated - workers are responsible for placing computer chips into the manufacturing machines that then carry out the automated task of adding components to the chips robotically. Before the security upgrade, raw materials were stored in a fenced off area of the production floor.
The main facility with production floor and offices had eight doors that provided open access during business hours. As a secondary aspect of their other duties, the production supervisors were charged with maintaining security over the production floor and setting the alarm system when the plant was closed. To improve this situation, QTRON changed five of the doors to emergency exit only.
The locks on those doors were changed to ensure key control; the doors were also alarmed and signs were posted stating "emergency exit only." Tight access controls were added to the remaining three entrances.
Access control technology made by Cardkey Systems was selected because of its ability to accommodate many different access levels. Individual cards could be programmed for multiple times of access or areas of access. Management also found the software easy to use, making it easy to train new officers. In addition, QTRON, which builds some of the printed circuit boards used by Cardkey Systems, had an existing working relationship to build on. With the new system, levels of access can be easily assigned and modified, or revoked from the central control station, on an individual basis as needed. For special zones, the system has the ability to require a combination of the cardkey and a personal identification number (PIN) to reduce the likelihood that lost or stolen cardkeys could be used to gain access.
ID badges.
To further protect the integrity of the cardkey system, the company does not incorporate the cardkeys into the employee ID badges. Each employee is issued a separate picture ID badge that contains appropriate information on the individual and the company. If found, it can be dropped into a mail box and returned to QTRON. The cardkeys, however, contain no identifying information. If one is lost, it cannot be associated with QTRON. Employees are instructed to keep their picture ID badges and cardkeys separate at all times to avoid their being lost or stolen together.
Zones and privileges.
Management was concerned about the old burglar alarm system because it could not be zoned for incremental activation and deactivation and it was not integrated with access control. If management personnel were working upstairs on a weekend, their deactivation of the alarm in their area also made the production floor vulnerable to entry. In addition, the number of people authorized to deactivate the alarm had grown to more than forty staff members because of the company's rapid growth and the frequent long hours being put in by different people. The new access control system addresses those concerns. As a part of the security upgrade, management reviewed the access list and assigned individual deactivation PINs on a strictly controlled basis, dividing the alarm system into separate zones, and controlling PINs on a need-for-access basis.
Materials storage.
Other key changes driven by the Irdeto recommendations included separation of the materials storage area into two sections, one for production kits being readied for issuance to the floor and another for raw materials. As mentioned earlier, before the security upgrade, part of the production floor had been segregated as a storage area. While materials were fenced and locked, there was no access control or paper trail to verify when and by whom materials had been removed. In response to general business expansion plans, the company had already planned to move the storage area off the production floor and into a 10,000-square-foot warehouse about two miles from the main facility in the same industrial complex. This plan coincided well with plans to enhance materials security.
The material management center (MMC), as the storage warehouse is called, is now used to receive, inspect, and store raw materials. Parts get to the production area through a system called kitting, whereby all of the parts needed to make a designated number (such as 2,000) of a client's boards are put into one production kit. A part of the MMC serves as the kitting area where these packages are assembled in a secure setting.
The MMC is accessible via cardkey and PIN by authorized materials and production personnel only. Before an individual is given access privileges to the materials area, he or she must undergo a background check conducted by an outside investigative agency. The investigator checks whether the employee has a criminal background or any serious motor vehicle violations such as drunk driving. Discovery of false statements on employment applications or a record of inappropriate activities can provide grounds for either reassignment or dismissal. The new controls make it easier for materials supervisors to monitor and control the movement of personnel within the warehouse overall, and specifically within the separate kitting and raw materials areas.
In addition, partly for security and partly for production efficiency, QTRON set up a "Kan Ban" area on the production floor for maintaining working supplies of inexpensive parts, primarily those costing less than $1.00 each. Kan Ban, meaning pull, is a Japanese inventory management method that uses multiple bins to constantly resupply the production line as parts are consumed. By setting up a special area on the production floor for these less valuable parts, the company not only improved efficiency but also further limited the number of personnel that needed to access the main stock room.
In addition to providing greater control over materials movements, this multitiered storage system provides greater protection for highly marketable raw components such as microprocessors and memories.
Security officers.
Because security was previously handled as a secondary responsibility by production supervisors, not enough focus had been placed on daytime access control, and after-hours security depended solely on the existing burglar alarm system. To rectify this situation, QTRON established an in-house multishift security officer force that improved both business-hours and after-hours access control. In-house staffing was considered the best way to maintain ongoing quality and commitment from the officers. The company is able to train its proprietary officers with regard to the specifics of QTRON's security procedures, and the staff's "ownership" of the company's security program creates a climate in which they can play a valuable role in continually helping management develop future security improvements.
Surveillance.
The commitment to an internal force of security officers carries with it a significant staffing cost. QTRON chose to mitigate these costs and improve security levels by investing in several CCTV monitoring systems and tying them into a new central monitoring station, or security command station, via state-of-the-art communications links. The central station is located in the main facility next to the employee entrance so that everyone must pass by the security station to enter or exit the facility. Fifteen cameras were installed to monitor key access points throughout both of QTRON's facilities. A dedicated T1 communications line allows simultaneous real-time monitoring of all locations by a single security officer located in the security command station.
The command station also has links to the cardkey access system and alternative telephone communications that can be used in case of failure of the main phone switch.
In addition to the CCTV cameras being monitored in the central station, the materials center camera is also locally monitored by materials staff directly inside the entrance where the camera is located. Anyone wishing to gain access to the materials control center can be viewed by camera and the nature of their business can be determined without the inside employee becoming exposed to a potential threat from the visitor. The materials staff is given extensive training in how to use the outside camera and intercom to query delivery people or others to determine their legitimacy prior to opening the door. Training includes the viewing of a thirteen-minute video prepared by the San Jose Police Department. The film simulates a typical quick-grab robbery and helps staff to identify suspicious profiles of potential robbers. In addition, security circulates and posts news articles on recent robbery incidents to apprise staff of the changing nature of the threat.
The remote facility's CCTV monitor information is transmitted digitally to the command center through the T1 line. This method makes real-time monitoring possible and allows for 100 percent backup of all monitored activity to compact digital media. The complete backup tapes are archived for up to fifteen days in a secure facility to allow for subsequent in-depth review if a security investigation requires more information.
Central monitoring.
Use of the central monitoring facility enables QTRON to operate effectively with one security officer per eight-hour shift. Coverage of multiple facilities and access points would otherwise require two to three officers per shift.
Cost is kept to a minimum with one officer providing security and assisting with employee badging activities.
The vault.
One of Irdeto's primary concerns was the protection of the proprietary encryption chips that are a key part of its cable TV scrambling systems. To manufacture the Irdeto boxes, QTRON would need to inventory and safeguard significant quantities of the preprogrammed, Irdeto-supplied encryption chips. Protection of the copyrighted encryption codes was also a key issue. The physical loss of the chips or compromise of the encryption codes could have a catastrophic effect on Irdeto's business position by breaching the signal security that Irdeto provides to its end customers, the operators of Pay-TV systems.
In response to Irdeto's audit findings, QTRON spent $12,000 to construct a secure vault area, located in the MMC. The company also established special procedures for handling the Irdeto-supplied components. The vault is fire-safe and fitted with a special dual-person access system. It cannot be opened by any one person, but rather requires a simultaneous entry of key and PIN sequences by two separate authorized members of the staff. To further control access, the authorized persons are assigned such that they have completely separate chains of management. Both authorized employees are required to cosign log entries regarding the removal of any materials from the vault, such as a specific quantity of Irdeto chips for a production kit.
Access to the vault is monitored via two CCTV cameras that monitor both the entrance and the vault interior. Because these cameras are enclosed within a smoke dome, the staff under observation cannot determine the specific camera angles. The vault also safeguards sensitive components for other QTRON customers and provides secure in-house storage of MIS data tape backups and security monitoring disks.
Production floor.
In any electronics manufacturing facility, the production floor itself is one of the most vulnerable areas for both quick grab robberies and employee theft. To maintain efficient production flow, materials must pass through many different hands and operations to become complete, tested assemblies. QTRON has focused much of its efforts on establishing and refining sophisticated computer-based systems for real-time control
In response to Irdeto's security audit, QTRON expanded the materials control procedures to require additional sign off for the Irdeto-supplied encryption parts as they are moved from station to station. To extend this extra level of control to proprietary or sensitive parts included in other customers' assemblies, QTRON has created a materials category, called H-Class, to designate highly sensitive components that require this additional level of floor control. These special H-Class codes are also used on ordering and receiving documentation to ensure that incoming materials are flagged as soon as the receiving information is entered into the computer system. The parts are then immediately routed into the vault and handled according to the secure handling procedures.
Another key to reducing the risk of armed robberies is to minimize the amount of highly marketable components, such as raw memories and microprocessors, that are on the production floor at any one time. This goal is accomplished through effective materials management practices that include real-time computer-based monitoring, use of small kit sizes, just-in-time inventory practices, and shortening of production setup times. According to QTRON founder and Senior Vice President Paul Santina, "The police believe that most of these quick-hit armed robbers carefully case and assess the opportunity before striking.
We want it to be very clear that hitting our production floor will never yield a lot of raw marketable components."
Security consciousness.
Realizing that no security system can be effective unless it is understood, accepted, and supported by all employees, QTRON also used extensive training programs and interactive discussions of new procedures to improve staff awareness. All employees were educated on use of the new systems and briefed on how to maintain an awareness of potential security problems. Workers were especially admonished not to allow "tailgating" of anyone through the controlled doors, and they were told how to report the presence of unescorted strangers immediately. In addition to heightening their awareness of and participation in the success of the security program, the active education and training program helped employees develop a greater personal sense of security.
By embracing the tough recommendations contained in Irdeto's security audit as an opportunity for improvement, QTRON has discovered that an effective security program can be transformed from an overhead expense to a competitive advantage. The first benefit came in the form of Irdeto's multimillion dollar contract award. Beyond the immediate reward of a new contract, QTRON has also reaped the benefit of a more professionally staffed and structured security program that can offer tailored security benefits to all of its other customers, increase the sense of security of all employees, and reduce other overhead costs, such as those associated with insurance fees and material losses.
According to Bob Van der Linde, QTRON's president and CEO, "Implementing such a comprehensive security program requires the full commitment of top management and the ongoing involvement of the whole organization, but the results certainly have been worth the effort."
Anthony P. DeJesus is the security manager for QTRON Inc. He was brought into the company as part of the initial changes to the security program and was personally involved throughout the improvement process. DeJesus has a bachelor's degree in Criminal Justice from National University in San Diego, California, and more than twelve years' experience in security. He is a member of ASIS.