Bill Crews, port security and emergency operations manager for the Port of Houston Authority, uses intelligent video, intrusion detection and card access control as well as the TWIC card for transportation worker identification.

Cities, states, the federal government, schools, hospitals and critical infrastructure all have one thing in common these days. There are more and more rules, regulations, compliance issues, legislation, mandates and standards that they are forced to follow — or will be soon.

Some may see these as expensive obstacles to overcome. Still, systems integrators and dealers can see gold in those regulation hills. That’s if a security business understands what is specifically required; has the technology tools, installation and service experience necessary; and can accommodate the various unique cultures that vary from typical business clients.

Then there are the profit margins and pricing strategies that may prove more attractive, too (see “Pricing in a Regulated World").

Good examples of regulations that open opportunities are found in the banking and financial services with long-instituted regulations such as the Bank Protection Act (BPA) and the Bank Secrecy Act. Especially with the BPA, ground-breaking rules led first to still cameras and then video cameras in thousands of lobbies and branches.

Revised in 1991, the BPA requires banks to adopt appropriate security procedures to discourage bank robberies, burglaries and larcenies, and to assist in the identification and prosecution of persons who commit such acts. It requires a written security program for the bank’s main office and branches.<p>
The ability to meet bank compliance helped encourage more types of security technology beyond video, intrusion and hold-up alarms, and it continues to expand today, stretching to the entire setting, combining business and security.

John Shriner, senior vice president and director of physical security at Wells Fargo, the financial company, knows. “There are compliance and risk management people aware of the overall environment,” he says. But his more recent challenge relates to physical door access controls at the many branches around the country that meet both security and business needs. There’s an opportunity waiting.

Another arena where regulations, industry mandates and certification creates security and life safety business is healthcare. The 1,000-page healthcare reform legislation now being considered in Congress has plenty of incentives for physical security upgrades.

Understanding the operations is the first step to success. A recent survey of hospital executives discovered that unique circumstances and institutional cultural issues in healthcare facilities play a major role in decisions regarding security. Without exception, leaders said that culture is king when it comes to the hospital security function, according to Ken Bukowski, vice president of AlliedBarton’s healthcare division. In addition to understanding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and other healthcare regulations, administrators believe there are mandated needs in workplace violence, infant protection and life safety.

Erik Dietrich, senior consultant, national facilities services, physical security and systems technology, Kaiser Permanente, says he keeps up with security technology with “best practices that are out there. There also are construction standards that cover security and life safety.” Specific to HIPPA regulations, it goes beyond protecting IT-centric records to also include the placement, use, handling and storage of certain security video, too.

Teresa May, who recently joined Stanley Healthcare Solutions as its president, agrees that there are many security and life safety issues driven by rules, regulations, accreditation, privacy and standards in healthcare. “These can range from inventory tracking to individualized protection,” May explains.

William Masterton, chief operating officer, and Mike Dunning, director of security and emergency management, at the Atlanta Medical Center, share a commitment that “safety of the patients, employees and visitors is all important,” says Masterton. For its emergency department (ED), they enhance security through technology and teamwork. Together, they’ve reduced violence and security concerns in the center’s ED even while its patient volume increased by an estimated 25 percent in one year.

Much like healthcare facilities, colleges and universities are micro-communities with a diversity of stakeholders and unique regulations by some states and on the federal level.

More recently, through new higher education legislation, proposed guidelines would update how colleges and universities respond to and report campus emergencies, fires in student residences on campus, missing students and hate crimes.

Under the new guidelines, colleges would, among other things, have to articulate how they will confirm “all hazards” emergencies on campus and issue immediate notifications to the affected segment or segments of their campus population. Colleges with student residential facilities on campus will have to disclose the level of fire safety in residences along with three years worth of statistics on fires as well as fire-related deaths and injuries. Underwriters Laboratories and the National Fire Protection Association have this year published their own mass notification guidelines, which may create more business in upgrading already installed notification gear.

Legislation and government regulations addressing new-age threats have accelerated after the tragedy of 9/11. The act also expanded the definition of terrorism to include domestic terrorism. No doubt, homeland security and its actions and regulations originally triggered speculation of a lot of security spending, but it was slow in coming, until more recently as the regulations moved through critical infrastructure industries and grants spurred spending in cities, states and law enforcement.

The granddaddy of much federally directed anti-terror regulations, the Federal Homeland Security Presidential Directive 12, got the physical and logical security ball rolling when the National Institute of Standards and Technology (NIST) initiated a program for improving the identification and authentication of federal employees and contractors for access to federal facilities and information systems. FIPS 201 (Federal Information Processing Standards Publication 201) is a United States federal government standard that specifies personal identity verification (PIV) requirements for federal employees and contractors.

There have been successes and bumps along the FIPS 201 road.

In the transportation industry, especially in relation to America’s ports, an identity mandate— ­ the Transportation Worker Identity Card (TWIC) — was designed by the Transportation Security Administration, DHS and the U.S. Coast Guard to provide a tamper-resistant biometric credential and background screening to maritime workers requiring unescorted access to secure areas of a port, a facility, and to vessels regulated under the U.S. Maritime Transportation Security Act, as well as to all Coast Guard credentialed mariners with a Merchant Mariner’s document.

This is where specialty software development in physical security plays an essential role, according to Geri Castaldo of Codebench. “It takes a keen understanding of middleware and interfaces (from traditional card access control systems and third-party databases) in the areas of HSPD-12, TWIC, First Responder Authentication Credential (FRAC) identity cards, and PIV II, among others,” Castaldo says.

Castaldo worked closely with Bill Crews, port security and emergency operations manager for the Port of Houston Authority, on his TWIC project. The bottom line lesson for dealers and integrators: Hook up with others or build your expertise in these card technologies, database requirements and middleware. “There are a lot of nuances and changing requirements so it’s important for a customer to effectively work with a provider who knows the mandates,” Joseph Menke, president, Electronic Security Concepts, says.

A case in point is the Common Access Card (CAC), a United States Department of Defense (DoD) smart card issued as standard identification for active-duty military personnel, reserve personnel, civilian military employees and state employees of the National Guard and eligible contractor personnel. There are numerous versions of the CAC, which was one challenge at the National Defense University, within Fort McNair in Washington, D.C.

Integrator Diebold was tasked with the design and layout of the electronic security solution and subsystems and to represent the electronic aspects of the security subject matter. The result: a “contactless” card technology that remotely connects with the reader’s operating system but communicates with the new upgraded technology and information. The design solved a critical migration issue by allowing the reprogramming of the reader without removing it from the wall.

Tony DeStefano, director of integrated security sales, TAC Systems Integration East, believes that those that succeed are firms that have products and systems that meet the requirements and in-house staff with the experience and expertise to provide solutions to decision-makers who may not themselves know all that is needed. “Security is now in the arena of the IP world,” he adds.

One example is from a project to protect the water storage tanks of the borough of Kutztown, Pa. Officials brought in IP video. The project, partially funded by the Pennsylvania Department of Community and Economic Development, worked well, according to Frank Caruso, IT director for Kutztown. “Our previous surveillance system was unreliable and prone to false alarms,” he says. “Set-up was easy and the system has quickly proven itself,” relates Dennis Cichelli, director of LANtek Inc., who installed the system.

The bad boy of regulations for some security businesses has been the emergence, growth and changes as many cities and jurisdictions enact ordinances regarding dispatching police and fire to alarm events. The alarm industry has published false alarm guidelines, but every jurisdiction often moves in its own direction and rules can vary wildly, according to Rick Hudson, vice president of security operations at Monitronics. Dealers need to actively stay informed about what is happening in their areas of operation.

No matter the type of business or agency, no matter the kind of law or regulation, integrators and dealers who stay informed and keep their customers first can succeed.

Pricing in This Regulated World

In tough economic times and when entering new verticals, revaluating product and service pricing is a necessity. Per Sjofors, a managing partner at Atenga, a leading pricing strategy authority, has some valuable advice on what to avoid.
  1. Avoid basing prices on costs, not customers’ perceptions of value. Pricing based on costs invariably leads to prices that are too high or too low.
  2. Avoid basing prices on “the marketplace.”
  3. Avoid attempting to achieve the same profit margin across different product lines. For any single product, profit is optimized when the price reflects the customer’s willingness to pay.
  4. Avoid failing to segment customers. The value proposition for any product or service varies in different market segments, and price strategy should reflect that difference.
  5. Avoid holding prices at the same level for too long, ignoring changes in costs, your competitive environment and customers’ preferences. Most companies fear the uproar of a price change and put it off too long.
  6. Avoid incentivizing sales people on revenue generated, rather than on profits. Volume-based sales incentives create a drain on profits when sales people are compensated to push volume at the lowest possible price.
  7. Avoid changing prices without forecasting competitors’ reactions. Smart companies know enough about their competitors to predict their reactions, and prepare for them.
  8. Avoid spending a disproportionate amount of time serving your least profitable customers. Know your customers: 80 percent of a company’s profits generally come from 20 percent of its customers. Failure to identify and focus on these 20 percent leave companies undefended against wily competitors.