Security Design 101: Best Practices on Complex Design Elements
Designing and implementing an efficient security solution is a process that demands meticulous planning, coordination, and execution. By using a systematic approach, organizations can tailor security infrastructure to meet their unique needs.
Effective security designs involving multiple systems, process engineering, or complex integrations require an organized, cross-functional approach. By following best practices rooted both in technical and governance approaches, these design projects can result in successful deployments.
“Getting a robust set of operational requirements early in the project lifecycle is key to establishing the right design,” says Larry Richards, vice president of global security for Goldman Sachs. “In the absence of a robust or concrete set of operational requirements, the implementation will be very difficult to manage.”
Pre-design considerations—such as the identification of key stakeholders, technical expertise, and exhaustive project documentation—must be addressed, and these will lay the foundation of the design.
Navigating the initial stages of establishing a project framework requires a methodical approach, assurance that all the key players are on deck, and a clear roadmap. You must address the project governance and organization, as well as the functional and financial requirements of the project.
Project governance and organization. Before starting any project, first identify all the relevant stakeholders. This includes decision-makers across different disciplines or departments. For example, IT and networking, cybersecurity, and corporate security should all be considered. You will also want to include the operational staff and final end users.
Knowing who the stakeholders are is only the first step. You also need clarity about each person’s role within the project, including the scope of a person’s authority and responsibility. When determining the stakeholders, you must set up timelines for receiving information, conducting analysis, and generating feedback.
Stakeholder identification is also important during various parts of the design project, including project documentation, communication, and the escalation plan. Knowing who makes which types of decisions—and the process for making them happen—makes it more likely your project will stay on time and within budget.
Functional requirements. What do you need the security system or systems to accomplish or provide to the business upon completion? Provide the organization with the best return on investment by being as detailed as possible about what the system should do and how it should perform in real-world scenarios.
Well-documented functional requirements can help align the right processes and develop efficient use cases for configuration and programming. Systems—such as physical identity and access management, case management, and mass notifications—benefit greatly from aspects of consensus-driven functional requirements, documentation, and mapping.
Similar documentation is critical for other integrated solutions where a detailed sequence of operations arrived at through a functional requirements phase can provide a clear roadmap for configuration and implementation. These integrated solutions include shooter detection and perimeter protection, for example.
Basis of design. The approved functional requirements and process mapping feed into a technical basis of design (BoD). A well-conceived BoD forms the cornerstone of a security project, connecting various elements and ensuring the outcome achieves the intended objectives.
In establishing the design framework, it is vital to create a blueprint that outlines the scope, standards, and criteria for the security project. This blueprint acts as a reference point, guiding decision-making throughout the project’s lifecycle.
One essential part of building the design framework involves recognizing and analyzing dependencies and the supporting infrastructure—this applies to an organization’s administrative, operational, and technical facets. Clearly identifying these dependencies ensures that the resulting security infrastructure is robust and seamlessly integrated into the organizational ecosystem, ultimately fortifying its efficiency and efficacy.
Operational dependencies include personnel requirements, training, and alignment with existing processes. This is another time-intensive analysis, often resulting in creating new processes and procedures.
Technical requirements and dependencies entail understanding the hardware, software, and networking components that support the security system. Cyber and IT components may require considerable review; these assessments can run in parallel during this phase so that overall project time is not lost.
Administrative dependencies encompass policies, procedures, and compliance with regulatory guidelines or agencies.
The design phase of the project includes both documentation creation and coordination. You will have a more cohesive project with integrated teamwork when all the elements work together.
Documentation. Documentation is often iterative and may take several drafts until the full design package is complete. However, it will present a thorough understanding of financial and operational requirements for an effective security system.
It is essential to understand how security impacts the day-to-day running of the business. Getting insights from the people on the ground—from reception to the back office to security guards to staff—can take your design to the next level. This understanding ensures that the security system is not just robust but also practical and smoothly integrated into day-to-day business operations. To achieve this, documentation of functional requirements must be paired with operational insight.
When documenting the financial requirements of your project, include the initial investment and ongoing annual operational costs, like maintenance and updates. A thorough financial document should feature a clear budget that delineates the spending for security, IT, networking, and server build teams. This also includes the identification of any unexpected costs and contingencies for dealing with surprises as they occur. Such careful financial planning is crucial for ensuring the entire project is realistic and sustainable, helping stakeholders make informed decisions.
Finally, remember to identify the elements of the design that are interdisciplinary. By coordinating effectively across roles, you will likely include the full scope of work.
Coordination. Coordination is a must-have effort across all disciplines. Without it, you risk frequent delays, unseen costs, and the potential for outcomes that do not meet design goals or elements that clash—ultimately resulting in setbacks.
At a minimum, you will want to include security, IT, cybersecurity, and real estate teams in your design process.
From the security department, ensure that you include administrators, operators, system users, and executive teams. IT network and infrastructure personnel are often involved in points of entry, utilities, server and network architecture teams, information and cybersecurity, and database and data administrators.
Engage with your organization’s cybersecurity team early on to understand their resiliency, data privacy, and security requirements. Bring selected vendors early into the conversation so information security teams have ample time to review, evaluate and propose adjustments in finalizing vendor approvals.
Also engage early with the corporate real estate teams, including real estate stakeholders, architects, facilities, and operations. Early collaboration with these teams can improve understanding of the vision for the physical space and its operations.
Coordination helps educate the separate teams on the security intent of the sought solutions and their impact on change management, facilities, operations, real estate, and other affected departments. Develop a coordinated vision and roadmap on how deployment will be managed during requirements, implementation, and administration phases.
The challenges of coordination between stakeholders are “demanding, yet rewarding. Demanding, because of the high expectations we put on ourselves to protect the firm’s assets, people, and reputation,” Richards said. “And, I say rewarding because I thoroughly enjoy working alongside experts in the industry. …There is an abundance of knowledge and expertise that I’m excited to leverage and learn from.”
Once you have a full team, know your point of contact for each group, and can coordinate them through the decision-making process established in your pre-design phase, then you can work on establishing a coordination cadence.
Be aware of all review and approval processes, and which members of each team are required to move the project forward.
In the absence of a concrete array of operational requirements, the implementation of the project will be difficult to manage, according to Richards. “This is due to the never-ending change orders which, in many cases, leads to failures in coordinating the right information at the right time with the right stakeholders,” Richards added.
Field coordination ensures that all the moving pieces fall into place and that the implementation of the system is ultimately seamless and efficient.
Implementation, configuration, and contingency planning. The project implementation plan—the first step in field coordination—involves outlining stages, responsibilities, timelines, and avenues of escalation to mitigate risk. Once your plan is set, you can continue with the verification of design elements. This will ensure hardware and software align with the specifications created as a part of the basis of the design.
Configure the security system’s software with the organization’s needs in mind. This should include alarms and alarm responses, video configurations, and alarm or alert notifications through either the access control platform or the video management system (VMS). If possible, integrate access control and VMS, generating a single viewpoint through which the end user can monitor, respond, and manage the overall system.
Coordinating locations and coverage is a preliminary step to infrastructure iterations and contingency planning. This step involves strategically positioning security devices for maximum coverage and efficiency, dependent upon field conditions. Anticipate potential on-field changes by having adaptable plans that account for alterations in technology and site conditions. These changes can occur to even the most sophisticated plan.
User acceptance testing and commissioning. One way to confirm that the planned system operates as intended and is free of critical issues is through simulating real-world scenarios.
Set up separate development, test, and production environments at the onset of the project. The test environment allows vendors and users to configure, modify, adjust, and provide feedback about the system in an isolated and impact-free environment. This configuration can be a true differentiating factor for an error-free production cutover.
Lastly, perform rigorous final testing to ensure compliance with specifications, leading to formal owner acceptance.
The final details of the project are just as important as everything that has led up to this point. Make sure you complete a closeout that will support the project moving forward.
Extended warranty setup. Typically, security integrators include a one-year warranty on their labor and materials. An extended warranty agreement will typically begin in years two through five. Keep in mind that many security device manufacturers provide longer product warranties—typically ranging between two and five years—and so the cost for this extended warranty should be negotiated based on the material installed and the response time to repair. This is like a safety net for your hardware, keeping those stress levels in check.
Software support agreement (SSA). Another ongoing element that must be included is one or more SSAs which will ensure your software is maintained, updated, patched, and kept running optimally in your enterprise environment. This will prevent unexpected glitches and updates from undermining your final security posture.
Managed services plan. Consider a managed security services plan. Think of it as your tireless security guru keeping a watchful eye on everything. A managed security services provider (MSSP) can offer an organization various services, such as e-mail scanning, firewall rules, intrusion prevention and detection system configurations, Web scanning, and other IT processes. Beyond cybersecurity and IT considerations, MSSPs can also offer services related to security information and event management (SIEM).
Roles and responsibilities. Last, but not least, clarify roles and responsibilities. It’s all about making sure everyone's on the same page for the grand finale of your security project. You should have a good sense of this from the preliminary steps, but this is where you solidify any changes and expectations.
As security challenges evolve, staying abreast of best practices and adopting a structured approach is paramount for safeguarding organizational assets and ensuring business continuity.
Designing an effective security system—one that includes various components, steps, and stakeholders—demands a well-prepared and systematic approach. Adhering to best practices can produce successful deployments of the best system for your organization.
Mohammed Atif Shehzad is the founder and managing director of Atriade, a full-service security consulting firm. He has a background in program development, strategic master planning, and executive-level program sponsorship. Shehzad also oversees program development and management efforts for Atriade enterprise customers.
Saif Nomani is the director of design and technology at Atriade. He oversees security system design and implementation projects, providing design deliverable oversight and project management. His design experience of more than 20 years spans several verticals, including corporate and financial sectors, higher education and K-12, pharmaceutical and health services.
John Hall is the senior security consultant at Atriade. With more than 25 years of experience in design and construction administration, John is the onsite and field specialist for Atriade’s design projects. His areas of focus are design coordination, field surveys and technical assessments, user acceptance testing, and commissioning.