Skip to content
A person pours oil out of an oil can to maintain the cogs of a complicated machine in a cloud

Illustration by iStock; Security Management

Building and Defending a Plan for Preventative Maintenance

If you didn’t brush your teeth for a year and then went to the dentist, it would most likely start with some short-term pain in the lead-up and then result in having a few fillings when it’s time to sit in the chair.

The same logic applies to maintenance of electronic security assets. Uncleaned cameras, for example, may display poor images. Operationally, this isn’t great for live monitoring, but post-incident recorded footage would be practically useless.

When talking about electronic security though, we aren’t just talking about keeping things clean. Often there are multiple devices ranging across different systems and potentially multiple sites that require customized approaches, depending on the technology and its priority to the organization.

Preventative or routine maintenance is often the last thing thought about within the security industry after a project has been delivered or during the design phase. It is, however, the single most important facet to making sure the delivered security system is functional and useable throughout the life of the site.

Adhering to basic principles when developing a preventative maintenance plan can not only lead to greater results on smaller sites, but it also means the approach to larger sites is well considered and effective.

The disappointing question around this topic within the security industry is typically, “Is maintenance being completed?” rather than “Is maintenance being completed to a high level of efficacy?”

The reasons for it not being completed at all often comes down to a premature conclusion of budget vs risk. In lieu of a fully considered approach, some organizations will swing towards a failure-based, reactive approach toward electronic security system upkeep, delaying the generation of a meaningful plan and engagement of a security maintenance contractor. Delaying for long periods of time, however, can lead to faults going unnoticed and snowballing to unmanageable levels.

In every case, security system upkeep should include a preventative maintenance plan (PMP) being in place to capture the basic principles and ensure a risk assessment has been completed. A result of this more thought-out approach may potentially even be keeping maintenance activities at a lesser frequency to meet budgetary constraints.

Creating a good PMP requires several key elements to ensure the plan meets the organization’s needs and that it can be defended in annual budget processes.


Knowing what is onsite and how those assets relate to each other operationally forms the basis for what needs to be done and when.

Assets are not limited to hardware items, and this inventory should include software and firmware which forms part of the overall security system. Given the steady increase in cybersecurity breaches and incidents, the importance of these upgrades can’t be understated.

Some sites will have the luxury of generating this information during the core project delivery. Or for legacy or brownfield sites, this could involve potentially collating and verifying old and new data.

Asset lists should not be left to stagnate. Any removals or additions after the creation of the PMP should be captured to ensure the system is maintained in line with the existing plan.



What is the power of unification?

Unifying video management and access control, along with other functions, reduces costs and improves efficiency. If your organization is thinking of moving towards unified security, you’re not alone. With Genetec Security Center 5.11, we make unification even easier.


Once the assets are known, a risk assessment can be made on the following:

Probability of deterioration/failure. This relates to the likelihood of the asset entering a state of ineffectiveness, and it can include external influences such as environment, human factors such as malicious damage, and internal factors such as asset type or asset quality.

Even within a security system where fit-for-purpose equipment has been purchased, an external camera installed in a dusty area may require more frequent cleaning than others.

Rate of deterioration/failure. This consideration relates to the time it takes an asset to become ineffective. Usage of an asset may determine this, such as backup batteries in a security system panel where the site’s main power frequently drops out.

Impact of failure. The impact of an asset failure will strongly steer the requirements for preventative maintenance on security system assets because the impacts are often related to operational ability. If compromised, this can impact the safety of those on the site. The impact of a wireless duress alarm failure in the event of an emergency could be catastrophic.

Inversely, the impact of one camera being dirty where another camera may have an overlapping field of view may not affect the site’s immediate operational ability.


Triggers define the “when” for maintenance activities. These triggers can be based on time, usage, or condition, or maintenance can be triggered manually.

The type of trigger used to initiate a maintenance activity within a preventative maintenance plan will be relative to the risk of failure of the asset.

Within preventative maintenance plans spanning long periods of time, pre-determined meantime between failure (MTBF) times may be applied to assets and used to schedule preventative maintenance activities such as life-cycling. Consideration should be given to the specific environment in which the asset is located as this may influence the probability of deterioration/failure.

For example, a wireless duress transmitter in a high-risk environment might be tested frequently while also having its batteries replaced well before the scheduled MTBF time to eliminate any risk of failure.


Procedures should primarily be designed to do two core things: test operational functionality of the system and undertake tasks to renew or refresh capability. The level of detail used on tests and tasks will be directly related to the assessment of the site and intertwined with the triggers.

For example, within an intruder alarm system, procedures may include testing all required alarms for devices while also cleaning and ensuring sensors are free from dust, dirt, or insect infestation.

Software Maintenance

In a constantly evolving industry, nearly all systems within the electronic security world are software-based.

Software upgrades solely servicing the introduction of new or improved features from suppliers are a thing of the past. Cybersecurity is highlighted constantly in today’s technology landscape, and vulnerabilities are frequently found and patched in software releases. Updates also provide further stability as bugs are identified and fixed.

This should not only be a consideration for the security software itself but also for the infrastructure that runs the software. This could include firmware or operating software updates.

Keeping up to date with software upgrades also ensures newer replacement end devices are compatible. In some unfortunate cases, sites left not updated face challenges finding devices compatible with older software.

A risk-averse approach to software upgrade management may include an “N minus 1” approach, which means using the version from before the latest release. Its intent is to prevent downtime possibly related to any yet-to-be-discovered bugs in the latest release. While a consideration, this may not be the best approach if new features of a release are required.


Life-cycling is the replacement of assets before they have failed. When considering life-cycling, it is important to refer to the PMP’s triggers and risk assessment to determine how this will be undertaken. In relation to a security system’s assets, this could be as simple as replacing a battery or replacing an entire system’s end devices or headend infrastructure.

Due to the cost involved with replacing items, more cost-effective, condition-based triggers can used, or in some cases a trigger may be failure-based. Within environments where risk of failure can equate to large financial impacts or risk to a person’s wellbeing, replacing equipment before failure is often a small price to pay.

Risk of outage should not be the only consideration in planning to life-cycle devices or systems.

The advancement of technology in an ever-changing industry is often a major reason for life-cycling assets.

A constant evolution of the site and its capability throughout time, if planned, can be cost effective and a manageable way of keeping up to date with the advantages of modern tech.


The product of the procedures and how it’s communicated to the end client is the most important piece of the puzzle. A well laid PMP with great procedures that identifies faults only to be hidden within a report emailed or uploaded within an asset delivery system is not a functional mechanism—it is a considerable failure.

This communication should be relayed to the end user in a way that allows live feedback and questions to be asked, such as a meeting or face-to-face delivery. This live format allows a more consultative approach to the delivery and will often inform decisions immediately on actions from the report findings.

Communication in this consultative form also creates a forum for review of the system as a whole, its effectiveness, and how it is adapting to the possible changing environment it services.

Reports generated throughout preventative maintenance can be presented by security managers to stakeholders to describe the health and compliance of the businesses security system. These reports can identify any faults and subsequent rectifications while highlighting the potential savings of capturing potential failures before they turn into incidents.

Emerging Trends and the Future of Preventative Maintenance

Development of how preventative activities are generated, managed, and delivered has a very bright future and we only have other industries to look at to get an insight into what lies over the horizon. Some of the forementioned triggers and actions may already be implemented within existing software, but wider usage and implementation may become more prevalent in the future.
A commonality between some of these trends is that changes relate to how preventative maintenance activities trigger. This could mean automating or removing the trigger altogether via automation.

Streamlined Upgrade Processes

The requirement to upgrade software and device firmware is becoming commonplace among security systems and their devices.

More specifically the delivery method of these updates is constantly evolving. Manufacturers are bringing in a suite of tools to not only smooth out the process of upgrades, but to also automate and time that process to reduce or eliminate downtime to due upgrades.

Data Collection and Usage

Collection and the use of data from a security system can be used to more accurately determine the MTBF and also act as a trigger for maintenance.

For example, a door that is used more than another could be triggered for maintenance activities earlier.


The analysis of inputs or sensors on items can be used to trigger maintenance before the item’s planned interval-based trigger.

A great example of this seen outside the security industry is the use of Amazon’s sensors within conveyor belt systems throughout the company’s fulfilment centers. Sensor data is analyzed to determine if certain parts may be close to failure, allowing replacement of that part during scheduled downtime rather than knocking productivity offline when the belt breaks down, VentureBeat reported.


Mainly focused within the reactive service domain, integrations between security systems and service management interfaces could be used to more easily manually trigger maintenance activities based on an operator’s real-time analysis of the system’s condition.

Other things such as the scheduling, coordination, and management of maintenance activities could be completed and easily tracked by both maintenance provider and end user.

Overall, consideration must be made when creating a PMP to balance the risk of failure against the cost involved with a comprehensive maintenance plan.

Unfortunately, there isn’t a cookie-cutter approach because no two sites are exactly the same, but with understanding of the fundamentals used for planning, the estimation of these costs becomes more accurate and effective.


Andrew Bugeja is an electronic security professional from Melbourne, Australia. Bugeja has more than 15 years of experience in the security industry. He specializes in electronic security design, maintenance and upgrade works to predominantly brownfield sites. While working for industry leading electronic security providers, Bugeja has worked within a variety of sectors delivering innovative solutions to defence, corrections, commercial, and retail clients. Bugeja holds a diploma of business from Swinburne University of Technology as well as a trade qualification in electronic security from Box Hill Institute.