Think before you buy: a guide to security budgets

In no particular order, these issues to consider are:

These systems are usually expensive. Obviously, cost will depend upon size of system but we are talking about major dollars being spent. For a large commercial high-rise building, a new keyway can run several hundred thousand to more than a million dollars.  An access control system can run in excess of a million dollars while a fire alarm system can run several million.  I am not going to argue that, for example, a fire alarm system is not required.  We all know it is.  It is necessary to protect the larger asset that costs many times more than the system. Also, a fire alarm system is legally required.  My point is that systems cost a lot of money.

In the absence of any clear and present threat, money for these appliances will often be allocated elsewhere.  There is only so much money in the pot and security personnel are chasing the same pot that every other department is chasing. Generally speaking, other than for mandated replacement of various systems, whoever has the best argument for their departmental project will get the money while everyone else has to wait for next year. Unless of course some incident occurs and suddenly money is freed up and then senior management wants something done right now.
   
The intellectual energy consumed in planning and implementing these new systems often distracts us from really exploring the best solution to a problem.  Planning for a new system can take a lot of time and energy. In fact, some people can get so wrapped up in planning a new system that they sometimes lose sight of what they are trying to accomplish. Planning can take up the time of many people with varying degrees and areas of expertise.  Often, the last thing anyone thought of was whether a proper and thorough needs assessment was conducted.  Sometimes people just get a bee in their bonnet and they decide that they need the latest and greatest system and come hell or high water they are going to buy it.  Some security managers collect systems like some people collect butterflies. They don’t necessarily need them but they sure look good. I have person experience with security practitioners who have spent a great deal of their company’s money on systems and don’t even use them properly.

There are too many people in the market place planning and designing systems with no practical experience in the use of the systems. These people have never sat in a control room, have never responded to an alarm and have no idea what front line security people have to deal with.
    
Maintaining these systems at regular operational capacity is also expensive. This is something that so many security practitioners forget. They think that purchasing a million dollar access control system is a one-time purchase.  They don’t consider that to keep that system working at peak operational capacity, people are going to have to be trained and the skills maintained, as well as the equipment.  Otherwise, you have a system that is operating at less than peak efficiency and can quickly become an expensive paper weight.

Systems are often poorly designed by people who have no practical experience, installed by people who often do not follow the manufacturer’s installation specifications and are poorly maintained by people who don’t have the money, time or knowledge to do so.  Then some poor security guard is blamed because a consultant or electrical engineer who didn’t know what they were doing did a bad design job.  They get fired because a million alarms a year are generated by an poorly performing access control system and the guard failed to identify one legitimate alarm amongst all the illegitimate alarms and someone’s office was broken into.
 
Owners continue to pile on systems to be monitored in control rooms. This will negate their effectiveness without enough properly trained staff to monitor them. Control centres have become hubs with multiple security, lighting control, elevators, building HVAC systems, etc.  Owners have extremely high expectations of their staff but they don’t want to compensate them. Staff can get overwhelmed with everything that is going on and as a result can miss important alarms and events.

Security practitioners need to think before they buy.  Otherwise they will end up wasting time, effort and money. To effectively protect an organization, a great deal of thought needs to go into deciding what is in the best interest of the organization.

Glen Kitteringham, M.Sc., CPP, F.SyI., is an independent security consultant and instructor at the University of Calgary.