By AMAG Technology, Vice President of Products and Partner Programs, Dave Ella
Organizations using AMAG’s Symmetry Security Systems throughout the European Union [EU] are preparing for the new General Data Protection Regulations (GDPR) which take effect from May 2018. GDPR will require organizations who control or process personal data from EU residents to obtain consent from employees, visitors and contractors for data stored in physical access control systems. Organizations will need to define why the data is needed and when it will be removed. The new regulations reflect the cloud hosted nature of many current information systems, but also have implications for on premise installations which are typical of security systems. Fines for non-compliance are steep – up to 4% of annual global revenue – so these are regulations which organizations must take seriously.
Multi-national organizations with a single access control system spanning North America and Europe will potentially be affected by the new regulations, as a database held on premise by an organization in North America will be subject to the new regulations in the same way. If a third party organization such as a security integrator is either hosting the server or managing it on a day to day basis, there are potential implications for that third party, even if they are not situated in the EU.
Access control systems are capable of holding extensive levels of personal data and as with previous regulation, organizations need to ensure that the data held is relevant and justifiable. It is easy for an organization to import data from an HR system which is not directly necessary to the specific security application. Retention periods, particularly for former employees, contractors and visitor’s personal data, also need to be considered.
An important new aspect of the GDPR regulation includes data from which a person’s location can be calculated. While this is presumably targeted at web applications which track cell phone location, physical access control systems do hold data related to who has gone where and when, so the responsible parties within an organization need to take this into account. As with any new regulation, it is unclear how this will be interpreted in a real-world scenario.
GDPR broadens the definition of ‘personal data’ to mean anything that could identity a person. For example, an email address, home address, job title or type of car one drives. Other identifiers could include gender, political views, biometric information and personal interests.
There is a strong link between GDPR and cyber security since security of the data being held is understandably seen of great importance under the regulations. It is important that AMAG customers have hardened their system using IT best practices and considered using the encryption mechanisms within the Symmetry system.
With web based applications in mind, the regulations now insist that people explicitly agree for their personal data to be held by a system – typically by proactively ticking a box in a sign-up screen which must be empty by default. How that will be interpreted for the systems of organizations which require to hold personal data such as HR and payroll systems – and security systems – is not yet totally clear, and statements in employee terms and conditions of employment may still be sufficient. Visitor Management systems need to be considered too, as some personal data of visitors either in a Symmetry database or as video will also normally be held.
Video Management Systems, and the retention periods for storage of video data fall under the GDPR regulations as well. As with all personal data recorded by business systems, as long as there is a genuine need for the data to be held for a given length of time, and the systems have been considered and recorded by the organization’s data protection officer in line with the new regulations, there should be no major implication for the Symmetry user in terms of the continuation of their physical security arrangements.
AMAG certified resellers with customer sites in Europe, and security managers in Europe should familiarize themselves with the new regulations and co-ordinate with each organization’s data protection team to ensure that their activities are fully compliant.
To learn more visit: http://www.eugdpr.org/
By AMAG Technology, President, Kurt Takahashi
At first glance, access control systems may appear straightforward: built simply to lock and unlock a door. But delve deeper, and the administration of granting approval becomes extremely labor-intensive, and timely, in nature.
Email traffic between security teams and site managers or business owners becomes overwhelming, as requests for approvals must be granted and access taken away manually, and precious time is wasted generating reports.
While this in itself is problematic, it also leads to a rise in third-party compliance regulations. In the US, these can include everything from the Health Insurance Portability and Accountability Act for the healthcare sector to the North American Electric Reliability Corporation’s Critical Infrastructure Protection standards for utilities.
So, how do you efficiently manage the way that physical identities are requesting approval, and ensure that it is carried out correctly?
A self-contained solution
For many years there hasn’t been a solution to automate this process; one of the biggest problems with identity and access management – aside from technological developments – being the lack of knowledge around the benefits that it brings.
In response to this, AMAG Technology has developed Symmetry CONNECT, a policy-based identity management platform that addresses three fundamental areas – cost, compliance and risk – while streamlining and automating timely manual administration processes.
The platform is a simple-to-use self-service portal, where the user can log in and the system automatically identifies them, their role, location and the training and certifications that they possess – all the data contained within a company’s HR system.
Once the user has requested access to a particular site through the portal – a data center, for example – it sends a notification to the area owner, who can automatically see whether the user meets the criteria, and approve or deny the request.
There’s no intervention by anybody, with the system controlling both the policy and the actions. Because the entire transaction is self-contained, it can be reported on and audited against immediately, without the need for manual verification.
Equally, when onboarding new employees, the same methodology is in place. The system will use HR data to automatically grant access to a new employee, when needed, on one or multiple sites across the globe – and terminate access when the employee comes to leave the company.
Depending on the customer, requirements can be specified even further. As well as interfacing with our access control system, Symmetry, and a company’s own HR database, we can also draw upon other information. For example, CONNECT could acknowledge a company’s policy for international travelers, who may be required to sign a non-disclosure agreement before entering a building. Equally, the system could take background check information into account to manage access to a children’s hospital.
Reaping the rewards
With technology and innovation at its heart, CONNECT provides a completely unique solution to the market, and a lot of research and thought went into developing the system. We looked specifically at compliance requirements, because a lot of these have specific needs that are derived out of the access control system, which controls a site’s restricted areas.
Designed for any business working within a regulated market or that poses a high risk potential by allowing access to the wrong person – be it a bank granting incorrect access to a cash vault, or a utility company to a substation – the system has the potential to significantly improve a company’s bottom line.
Alongside the compliance benefits, with the platform controlling the process and providing automatic vetting and reports, reducing the amount of manual reporting – across enterprises where thousands of people are often involved in approval processes – results in substantial cost savings. From a risk perspective, because it’s a policy-based system, the actions are controlled by the user from beginning to end. They can ensure that the right people have the right approvals every time, lowering the risk.
This three-pronged, automated approach is proving very successful with businesses worldwide. In fact, one customer has recently expanded its use from North America to Europe, the Middle East, Africa and Asia Pacific. We automate over a million audits a year for the business, which used to be performed manually, so the people, time and money savings are monumental.
Improved data consumption
While the platform works exclusively with the Symmetry Access Control system, CONNECT operates as an open application, which means it can integrate into most third-party databases to help consume any and all information that’s pertinent about a particular physical identity.
In the future, technological integration and automation will be paramount in the identity management and access control business. While continuing to enhance compliance, the immense amount of data collected about our people, where they’re going and how they’re going will feed into our vision of a risk-based, data-centric future.
This primary source of information feeds into a larger platform that will allow us to extract and present more intelligent data – not just around identities, but also activity and risk. This plays a pivotal part in forming a bigger picture moving forwards, a picture that will help us to better understand data, people and behavior, and their significance when it comes to security.
AMAG welcomes Larry Butsch as the Regional Sales Manager for the newly combined Great Lakes and Central North Regions. Larry is based in Ohio, and will drive sales, generate new business opportunities and provide sales support to new and existing security integrators, end users and consultants.
Larry joins AMAG from HID Global – Quantum Secure. An industry veteran, Larry has worked in all areas of the business, but the majority of his career has been in the security manufacturer sales side of the business. He is looking forward to meeting each and every one of you. Please feel free to contact him at email@example.com or 513-708-1877.
We are excited to announce that Sara Griffiths has been promoted to Regional Sales Specialist for the Southwest. In this newly created position, Sara will be assisting Regional Sales Manager, Chris Randall with supporting new and existing customers in this growing region. She is looking forward to getting to know her customers and will be reaching out over the next three months. You can reach her at firstname.lastname@example.org or 310-518-2380 ext. 248.
Dan Eldredge joins AMAG as Business Development Manager, Central. He will be responsible for developing relationships with consultants and engineers to develop new opportunities and grow the business. Previously, Dan worked at Convergint Technologies for eight years where he held several National Accounts and Sales roles. He is based out of Texas and reports to Director of Business Development, Kami Dukes. You can reach him at email@example.com or (346) 305-0510.
After spending a short time as an in-house applications engineer with an end user, we are happy to announce that Joe is back in the field. Joe is ready to serve our customers and provide pre-sales and post-sales applications engineering support. You can reach Joe at firstname.lastname@example.org or 310-218-2076.
AMAG’s inside sales department works closely with our customers and the AMAG sales team to answer questions, help with project quotes and renew site support agreements. In an effort to put a face with a name, we’d like to introduce you to our growing inside sales team!
Greg Diamond, Manager of Sales Operations
Greg started at AMAG back in November 2010 as a Senior Analyst for sales, finance and operations. He was promoted to Manager of Sales Operations in August 2015 where he’s grown the inside sales team from one to four, with more growth expected. With his analytical background, he’s always been excited about looking at data in interesting ways to help influence the company’s larger decisions. More recently as a manager, he gets the most satisfaction from watching the people on his team grow as employees and get promoted throughout the company. Greg enjoys running on the beach, playing basketball, rooting for his Lakers and spending time with family and friends.
Maisha Pace, Inside Sales – SSA’s
Maisha has a unique role within the inside sales team. As the SSA inside sales specialist for nearly seven years, she sells Site Support Agreements to our customers. SSA’s let our customers upgrade their Symmetry software to the latest version as well as provide access to technical support to resolve any technical problems. She enjoys being part of a team that keeps businesses secure and helps customers immediately resolve their critical issues. The challenge of working for a growing company with cutting edge technology can produce a lot of excitement some days. Never a dull moment! When not working, Maisha likes to travel and attend sporting events and concerts.
Celina Louissaint, Inside Sales Specialist
As an inside sales specialist, Celina answers customer questions and helps with quotes from our resellers. She also works with our customers to renew their Site Support Agreements, and performs various administrative functions. Prior to starting AMAG in June, she was an Account Manager for Coca Cola and an Assistant Manager at Enterprise Rent-A-Car. In her new inside sales role, she likes that she is constantly learning new things everyday, whether it’s about the products, customers or AMAG. She graduated from California State – University of Long Beach, and likes to travel, read and relax at the beach.
Jane Green, Inside Sales Specialist
Jane started at AMAG in August 2017 as an inside sales specialist where she helps renew Site Support Agreements, answer customer questions and provide quotes for our resellers. She graduated from UCLA in June with a BA in Sociology, and interned at a health and fitness company. As a newer employee, she loves working for a company that keeps people safe and is challenged every day with learning her new job. In her free time, she likes to workout, eat yummy food, read, and spend time with her family. She loves to cheer on the Bruins!
Trevor Solt, Inside Sales Specialist
Trevor has worked as an Inside Sales Specialist at AMAG for over two years. Previously, he was employed at a security integrator where that knowledge has served him well helping AMAG customers. Trevor enjoys working with customers, and particularly likes meeting with customers, vendors and partners in person to learn more about their challenges and needs. When not working, he enjoys hanging out with his family.
If you have any questions about AMAG’s products and solutions, please contact AMAG’s USA inside sales team at 510-318-2380 or email@example.com.
With three hospitals, 15 clinics and 45 buildings, Cambridge Health Alliance was growing and needed to expand its existing legacy Casi Rusco security system which it had maxed out. Rather than completely rip out their legacy system, they upgraded to AMAG Technology’s Symmetry SR System and Symmetry CompleteView Video Management system. The SR system allowed CHA to use their existing wiring infrastructure, enclosures, card readers and cards saving thousands of dollars. With 4,000 employees to transition over, the upgrade needed to be seamless.
- Maxed out old system’s licenses
- 300 existing cameras used older analog technology
- Difficult to get service for failing security system
- Expensive to rip and replace, needed more affordable solution – 4,000 employees, three hospitals, 15 clinics and 45 buildings.
- Symmetry SR Solution allowed CHA to use existing wiring infrastructure, card readers and cards, saving thousands of dollars.
- Plug and play controller boards provided a fast and smooth upgrade process.
- Upgraded to Symmetry CompleteView Video Management System and converted over 120 cameras to IP in initial phase.
- Easy to add more card readers and cameras as system expands.
- Eliminated the expansion restriction, allowing for easy, cost-effective scalability.
- Seamless transition to new Symmetry SR system.
- Service calls greatly reduced as new controllers, software and video system were integrated.
- Symmetry Threat Level Manager provides ability to lock down areas in emergency situations.
The Symmetry SR System and Symmetry CompleteView Video Management System allowed CHA to deploy access control in areas where they could not otherwise due to their maxed out Casi Rusco system and provided expansive features to secure their patients, visitors and staff in today’s world. The robust reporting provides usable data to make better performance decisions. The user friendly software made training the security staff easy. AMAG’s Professional Services Team assisted with the database conversion, as over 4,000 card holder records with photos migrated over to Symmetry, saving hundreds of hours of database conversion work.
“We live in a changing world with elevated threat levels. We will have the ability to lock down areas in emergency situations. We have a threat level manager that is a work in progress and are confident in our Symmetry Security Management System,” said William Chase, chief of public safety, Cambridge Health Alliance.
CHA selected Spectrum Integrated Technologies as their integration partner.
Sue Mason, an inbound team leader at AMAG Technology in Tewkesbury, UK, has lost friends and family to cancer, including her mom. So when she saw an opportunity to raise funds to support research to find a cure, she started training for the Tewkesbury Half Marathon in support of Cancer Research UK.
Sue also started reaching out to family, friends and co-workers to sponsor her in the May 2017 event that attracted about 800 runners. She raised £733 ($948) in support of Cancer Research UK, and the G4S Match it! Program added an additional $500 (£387).
The G4S Match it! program supports employee community service efforts and the company’s Corporate Social Responsibility commitment. The program focuses corporate charitable giving on local community projects and good causes that are clearly supported by G4S employees. Match-it! program encourages AMAG and G4S employees to become involved in their local community by matching the money they raise for a charity, up to $500.
Northwestern Mutual Combines Modern Access Control Technology with Top-Notch Security Officers for a more Efficient Security Program
Fortune 500 company Northwestern Mutual not only changed the Milwaukee skyline when it built a new high-rise and three-floor Learning Center, it also improved the way it delivers security at both its downtown Milwaukee, WI campus and suburban Franklin, WI campus.
The downtown campus consists of an area of 2.5 million square feet with five buildings, including the new high-rise, Learning Center and commons space, that bolsters a workforce of over 3,000. The Franklin (Milwaukee suburb) campus has an area of 1.1 million square feet and two buildings that hold a workforce of 2,100.
Faced with the challenge of disparate systems for access control, alarm, video, intercom and visitor management, Northwestern Mutual used the building project to upgrade their security program. The goal was to work smarter by automating manual processes and streamlining security using one system. With several hundred sales reps visiting at once for week long continuing education classes, managing those visitors was a challenge.
Together, AMAG Technology and G4S Secure Solutions (USA) secured the company’s downtown Milwaukee campus and Franklin campus using the Symmetry Access Control – Enterprise System and Symmetry GUEST visitor management system, along with security personnel. Visitors check in quickly, improving lobby traffic flow, and the system provides an audit trail of who is in the building. The security team now works in a more streamlined fashion to deliver exceptional security.
- Disparate security systems
- Manage up to several hundred guests at a time without audit trail
- Control costs of securing new building
- Quality of security officer failed to meet expectations
- Symmetry – Enterprise Access Control system combines alarm management and all security data into one system
- Symmetry GUEST visitor management system and G4S Secure Solutions Security Officers at all entrances ensures professional operations
- Symmetry – Enterprise Access Control and Symmetry GUEST easily expands to secure new high rise
- G4S Secure Solutions (USA) Security Officer training and experience level corresponded to assigned post
Result of Solution:
- Symmetry – Enterprise Access Control interoperability secures both campuses, saving time and money
- Symmetry GUEST visitor activity data allows Northwestern Mutual to adjust staff as demand dictates
- Symmetry – Enterprise Access Control and Symmetry GUEST allowed Northwestern Mutual to leverage technology to reduce risk, streamline its activities and not add headcount when the new tower opened
- Security Officer qualifications correspond to unique needs of Northwestern Mutual
By choosing AMAG Technology’s Symmetry GUEST Visitor Management System and G4S Secure Solutions’ Security Officers, Northwestern Mutual was able to benefit from the synergies of working with one company for all its security needs. Symmetry GUEST allowed security officers to work smarter, not harder, and as result, no additional security headcount was needed for the new high rise. AMAG Technology and G4S Secure Solutions (USA) treated Northwestern Mutual as a true partner, working through challenges and creating solutions that improved security, streamlined processes and saved the company time and money.
By Ryan Howarth
General Manager – Technical Support
The recent security threat that has come via virus/malware has brought the needs of security and securing systems to the forefront. Below is some guidance that can be followed to ensure your Symmetry system is kept safe and secure.
The Ransomware attack was based off a vulnerability found in the Windows Server Message Block (SMB) 1.0. Symmetry only uses SMB for file sharing for backup locations and NVR if the video files are saved on a separate file Server. If you do not have this defined, you can remove this Service from Windows or update it to a newer version.
MS patch updates – AMAG provides a monthly list of tested patch updates. We recommend that these patches are regularly applied to your system. Visit our Partner Site to see if you are up to date.
AntiVirus – Ensure that Antivirus is installed and updated with the required exclusions for where Symmetry is installed to remove the need for re-scanning:
Program File\Security Management System (from V7 > Application Server / Client / NVR)
ProgramData\Security Management System (from version 8> Application Server / Client / NVR)
Program Files\Microsoft SQL Server\MSSQL\Data (Microsoft KB309422 Database)
Windows\System32\msmq (Microsoft KB829259 clients\Application Server)
ProgramData\Symmetry (from version 8> for NVR’s)
Port listing – Please refer to the Software Installation Manual Appendix E, as this will provide the port listing that Symmetry requires depending on what has been setup and configured.
Symmetry files/patches – Ensure you only load Symmetry files from either the Partner website or supplied via our AMAG team. All software supplied by AMAG is code-signed, so please check the validity, and review any Microsoft security messages that are displayed as part of the installation process.
Database Backups – Ensure at a minimum that a daily Symmetry database backup occurs and that these backups are stored off the network. In an event of a required full-rebuild of your system, you will have a backup of your database if the database computer becomes unusable.
Upgrading – As older versions of Symmetry and Microsoft products reach the end of their Support and Maintenance lifecycle, it is increasingly important to upgrade Symmetry and the underlying OS to ensure the health and security of your system. As part of your maintenance program, upgrades should be planned for on a regular basis.
For more information about Symmetry Server maintenance best practices, a more detailed guide has been compiled by the Support Team and is freely available on the AMAG support site.
AMAG welcomes Jonathan Moore as Senior Director Enterprise Solutions Group. Jonathan is responsible for managing pre-sales and enterprise sales support for Symmetry solutions. He is an expert in compliance regulations in several vertical markets, and will capture and design solutions enhancing operational efficiencies based on AMAG’s products. Previously, he held several positions at Quantum Secure, the most recent was Director, Technical Solutions North America.
Adam Hetman joins AMAG as an Applications Engineer. Adam will be responsible for providing pre-sales technical and consultative support to AMAG’s RSMs regarding new sales opportunities throughout the US. He will assist with specifications, trade shows, and will support resellers and partners with all aspects of pre-sales and applications engineering. Adam worked at Tyco for nearly 18 years as a sales estimator and installer.
Both Jonathan and Adam report to Vice President-Enterprise Solutions, Stuart Tucker.
Ergonomics. For some organizations it’s a matter of health and safety. For others it’s an issue of efficiency. Regardless, ergonomics is always a financial concern – particularly in highly technical operations where ergonomic upgrades to a control room require a much greater investment than a few keyboard trays.
Well-designed control rooms balance efficiency with ergonomics by fitting the surroundings and demands of the job to the capability of the operators. A key aspect of any successful ergonomic control room is the console – it is the piece of the puzzle that connects the operator to the technology and therefore has a significant impact on performance.
Justifying ergonomic changes can be challenging in even the best economic times. Managers will be more likely to commit to ergonomic improvements when they understand the economic benefits of the investment.
There is little question that ergonomic improvements result in greater comfort and improve the performance of operators monitoring very complex systems. However, management is more likely to judge these benefits by their financial return on investment (ROI) than their direct effect on operators.
The cost vs. benefits of incorporating an ergonomically designed console in the control room can be analyzed from three perspectives:
- Regulatory compliance
- Improvements to health and safety of workers
- Increases in operator efficiency
Together, these ROI models can be used to demonstrate a direct correlation between ergonomic improvements and positive financial returns.
With this in mind, the international standard known as ISO 11064 provides guidance on ergonomic design of control centers. Primarily, the standard recommends taking top-down approach to designing the control room with the greatest emphasis being on human factors.
The standard takes into consideration the specialized tasks required in control rooms and outlines a process for achieving user-centered design, which reflects how operators interact with systems to perform various tasks in the control room environment. In complex technical environments such as control rooms, operator error can result in disastrous consequences.
Ergonomically designed control rooms optimize interfaces between operators and machines by taking into account the equipment used, the tasks required and fully recognizing the limitations of the operator to achieve greater productivity and reduce human error.
Furthermore, an ergonomically designed control room can improve flow and efficiency, requiring fewer operators to perform the same number of tasks without sacrificing the quality of work. This may result in financial gains due to reduced staffing costs.
Looking beyond the numbers, ergonomics is a good investment in improving the quality of life for workers. Operators that are more comfortable and better able to do their jobs will find greater satisfaction in their jobs, thus improving the morale of your organization. Happy workers are, after all, healthy workers.
Winsted is a proud sponsor of AMAG’s 12th annual Security Engineering Symposium to be held March 1-4, 2013 at The Loews Coronado Bay Resort in San Diego, CA. For more information about Winsted, please visit www.winsted.com.