An investment in asset protection.
Its first generation electronic security and access control security system, which was installed in the 1980s, soon reached its limits. Within a couple of years, the incumbent security system vendor was acquired by another vendor. Product support subsequently waned, and without this support, major system failure was a real possibility.
The prospect of business expansion and the growing acceptance of standards-based protection within designated areas made it necessary to merge together hardware from different vendors. Consequently, FSSI, with a solid background of lessons learned as a user and integrator, started to plan for its next generation backbone system.
FSSI decided to design, procure, and install a security control and communication system using a multidisciplined team from within its own ranks. Fidelity's senior management support and the desire to be an industry leader provided a strong foundation for success. This strong support and direction from management helped establish five fundamental objectives:
* Develop a system architecture capable of supporting Fidelity's worldwide asset protection needs to the year 2000, while facilitating innovative, modular applications.
* Select a vendor possessing products consistent with Fidelity's current requirements, the technical resources and skills to execute the company's developing needs, and the business base to ensure long-term support.
* Develop an integrated security management information system to provide enhanced communication and substantive information to assist in quality-based decision making.
* Develop an entrepreneurially focused partnership between FSSI and its vendor by developing marketable products leading to a return on investment and productivity improvements.
* Provide a technology-based capability to reduce reliance on personnel.
Project team. The company's project management team was structured around the idea that FSSI personnel are the daily users of these systems. They have to live with the consequences of failures of system reliability and must, therefore, view themselves as the integrator on a daily basis.
Project and budget management was established within FSSI's line organization and included representation from security officers, supervisors, console operators, and technical services personnel.
Since Fidelity has in-depth internal information and telecommunications systems capabilities, staff support from these departments and from the company's information systems security group was tapped. A contracts manager was brought into the procurement process at a later stage.
Design process. FSSI began by reviewing major security vendors. Various system configurations were evaluated, factories were visited, and discussions were held regarding FSSI's unique requirements.
This phase of the process culminated in mid 1991 with the development of a top-level security control and communication system (SCCS) architecture, the subsequent preparation of a concept of operations, and the resulting technical specifications for the proposed system.
The operations concept was a guiding document in the process. It detailed users' experiences with prior systems, as well as their desires for technical and administrative capabilities in the next-generation system.
FSSI used this initial phase to examine and document the requirements and the desired system capabilities. The result was a developmental wish list that could be accommodated by commercial products. This became part of the solicitation and provided a narrative basis for the specifications.
These specifications directed FSSI's participation and technical involvement as well, setting a framework for vendor responses. Vendors were required to display a thorough understanding of the program.
The solicitation included three categories of requirements:
* SCCS--off-the-shelf features essential to large, distributed, on-line access control, intrusion and quasi-analog system monitoring, system administration, command, and control
* Security management information system (SMIS)--new system applications desired for enhanced productivity, management information capabilities, future modular enhancements (such as biometrics and other interfaced subsystems), computer-based training, local area network (LAN) connectivity, and other developmental initiatives
* PC/LAN requirements--A LAN configuration was required for inter- and intra-departmental connectivity. Since the internal systems company was working with a specific software, compatibility with this platform was requested but not required. Thus, a third, top-level requirement was added for final evaluation.
Evaluation process. Based on the prior evaluations of vendor capabilities, a list of nine qualified bidders was prepared and formal solicitations to the specifications were sought in July 1991. Eight responses were received by the end of August.
A six-person evaluation committee reviewed these proposals, with four selected for technical evaluation. A rating and ranking scheme was used to structure the committee's review of each of the finalists. The following criteria were selected and may be appropriate for major evaluation factors in other retrofit programs.
* Conformance with specified capabilities. How responsive is the vendor to the requirements? Do the deficiencies result in technical noncompliance or can they be negotiated? Is the vendor's alternative better than what FSSI had envisioned?
* Capability and creativity in approach to developmental requirements. FSSI has unique needs for this system based on planning. How do these vendors propose to be a creative engine in the process of implementation?
* Entrepreneurial opportunity. FSSI has ideas regarding unique capabilities not now in the commercial security market. Can it share the benefits if they prove to be saleable?
* Depth and breadth of internal staff resources. Many vendors in this industry are resource limited. FSSI did not want to have its project unnecessarily compete with others in critical implementation phases. A formal link between the vendor and its hardware supplier was seen as a risk reduction advantage in terms of an effectively bundled system.
* Quality assurance and quality control. A formal program supported by a management-level commitment to quality was essential.
* Apparent technical risks. Because FSSI wanted a state-of-the-art system, it recognized that some technical risk was inherent in its requirements. How did the vendor propose to mitigate these risks, and how did its strategy impose potential problems for FSSI?
* Ability to accept financial risk. This is an expensive program, and many vendors live on the edge of survival, let alone profitability. FSSI performed in-depth due-diligence reviews.
* Compatibility of hardware and software. The more the proposed system was familiar to FSSI's internal support capabilities, the better FSSI could support it downstream.
* Willingness to adapt. Many vendors sell what they have on the shelf but are unwilling to provide customized applications. Some of FSSI's needs are unique, and vendor willingness and capabilities to support these developments was essential.
* System features today and tomorrow. Were these candidates thinking about tomorrow? FSSI was looking for an idea bank in addition to a vendor.
* Bid price and cost realism. Price was a factor, but not the only factor in selection. Cost realism, particularly given the acceptance of the role of integrator, was highly important.
* Ability to meet schedule. This was to be a managed, schedule-critical program. The ability of the vendor team to meet a negotiated schedule was critical.
* Contingency plan capabilities. FSSI needs to be able to integrate the vendor's off-the-shelf hardware with FSSI's current equipment to meet growth needs while being sensitive to planned configurations.
* Conclusions and bid clarifications. FSSI knew that discussions with finalists would generate new issues, and require additional data that was not included in the original bids. Their ability to respond was incorporated in the final assessment.
* Overall evaluation and recommendation. The evaluation team had to make a defensible case for selection that could be accepted by senior management. Extensive discussions were held throughout the design process to apprise senior management of FSSI's direction, obtain their ideas and concerns, and receive feedback regarding issues that needed to be covered.
Other significant factors. At the conclusion of FSSI's initial evaluation process, it had three vendors proposing differing hardware configurations, all within a competitive price range and all presenting differing challenges in terms of project risk.
At this stage FSSI met with each one to answer a series of questions on their proposals, discuss how they would meet emerging PC/LAN requirements, and provide them an opportunity for give-and-take on system design ideas.
These final phases of the process became a frank exchange of views among team members, between FSSI and the vendor candidate and between management and others involved in the process.
A final offer was obtained from each vendor. The evaluation team made its selection, documented the decision for senior management, and obtained approval to proceed. A major factor in this approval was the team's ability to demonstrate how it proposed to use the system as a management tool for productivity-oriented operations.
At this point in many projects, the process tends to cede responsibility to the vendor and await the results at pre-acceptance test milestones. In this case, the team determined that every item in the concept of operations and specifications needed to be discussed and all parties had to buy into an integrated, documented solution.
This step was critical since procurement specifications typically need to establish performance criteria open to a variety of solutions. Once a proposed solution was provided in a product-specific configuration, contract requirements were documented consistent with the vendor's bid.
Team involvement. The project management team stayed in place through the installation and test and acceptance phases of implementation. Monthly meetings were held to evaluate overall progress, identify emerging problems, assess conformance with the budget, and schedule and oversee internal project activities.
Meetings were held with the vendor to review delivered products and clarify issues of mutual concern. Contractual installation support was identified for sites where it is more cost efficient to use outside resources. A formal test program was initiated at key milestones in system delivery and installation at various sites.
Management support. Security departments that use technology as an integrated part of their asset protection program typically have to work hard to maintain these components for continued reliability, but problems are invisible to the user. As a result, capital expenditures to replace outmoded systems may be difficult to justify.
It was clear to FSSI that the decision to replace the original system had to be based on benefits. Moreover, the benefits had to be consistent with project objectives, as follows.
* Real-time connection between decentralized security functions.
* Improved availability and quality of information for direction and control.
* Improved service delivery to user organizations.
* Expandability to meet Fidelity's growth needs.
Reduction of expenses:
* Reduction in personnel.
* Joint development of saleable products to industry.
* Buy-in by vendor for new state-of-the-art capabilities.
* Improved internal and external productivity.
* Modular system architecture to minimize materials and labor required for installation.
* Maximize use of current equipment.
* Hardware and software supports innovative applications.
* Increased ability for preventive direction of resources.
* Enhanced reliability of technology-based protection.
* Enhanced quality of information for preventive risk management.
Standardization and support:
* Platform and operating systems proposed are within Fidelity's internal support system.
* Plan for cost-effective maintenance at each protected premises.
* Demonstrable viability and commitment of vendor.
As the need for new or replacement systems is reviewed, security departments should carefully evaluate the system's internal capabilities and its role in project management. The user organization--in this instance, Fidelity--is ultimately responsible for a system's success or failure. Security should solicit the active involvement of internal resources to ensure that the project will get the necessary support from all parties.
Fidelity corporate security's approach to a multimillion dollar retrofit of its backbone security systems has provided the opportunity to consider how the computing power of state-of-the-art systems can contribute to improved productivity, program management, and return on investment.
Every vendor has products that can open doors, annunciate alarms, and provide for on-line operations oversight. These systems can logically and effectively support improved management capabilities and qualitative risk reduction when users get involved in planning, design, and implementation.
George K. Campbell is president of Campbell and Company in Centerville, MA, and a member of the ASIS Standing Committee on Security Architecture and Engineering. Michael Ennis, CPP, is the director of administration, and John Mulattieri, CPP, is director of operations for the Protective Services Division of Fidelity Security Services, Inc., a subsidiary of Fidelity Investments in Boston.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Physical Security; Fidelity Security Systems Inc.|
|Author:||Campbell, George K.; Ennis, Michael; Mulattieri, John|
|Date:||Mar 1, 1993|
|Previous Article:||The importance of IDS inspection.|
|Next Article:||Keeping conversations confidential.|
|Fidelity National buys Security Title Guaranty.|
|Fidelity's BrokerageLink[R] adds another vehicle for retirement savings.|