By AMAG Technology, Vice President of Products and Partner Programs, Dave Ella
Organizations using AMAG’s Symmetry Security Systems throughout the European Union [EU] are preparing for the new General Data Protection Regulations (GDPR) which take effect from May 2018. GDPR will require organizations who control or process personal data from EU residents to obtain consent from employees, visitors and contractors for data stored in physical access control systems. Organizations will need to define why the data is needed and when it will be removed. The new regulations reflect the cloud hosted nature of many current information systems, but also have implications for on premise installations which are typical of security systems. Fines for non-compliance are steep – up to 4% of annual global revenue – so these are regulations which organizations must take seriously.
Multi-national organizations with a single access control system spanning North America and Europe will potentially be affected by the new regulations, as a database held on premise by an organization in North America will be subject to the new regulations in the same way. If a third party organization such as a security integrator is either hosting the server or managing it on a day to day basis, there are potential implications for that third party, even if they are not situated in the EU.
Access control systems are capable of holding extensive levels of personal data and as with previous regulation, organizations need to ensure that the data held is relevant and justifiable. It is easy for an organization to import data from an HR system which is not directly necessary to the specific security application. Retention periods, particularly for former employees, contractors and visitor’s personal data, also need to be considered.
An important new aspect of the GDPR regulation includes data from which a person’s location can be calculated. While this is presumably targeted at web applications which track cell phone location, physical access control systems do hold data related to who has gone where and when, so the responsible parties within an organization need to take this into account. As with any new regulation, it is unclear how this will be interpreted in a real-world scenario.
GDPR broadens the definition of ‘personal data’ to mean anything that could identity a person. For example, an email address, home address, job title or type of car one drives. Other identifiers could include gender, political views, biometric information and personal interests.
There is a strong link between GDPR and cyber security since security of the data being held is understandably seen of great importance under the regulations. It is important that AMAG customers have hardened their system using IT best practices and considered using the encryption mechanisms within the Symmetry system.
With web based applications in mind, the regulations now insist that people explicitly agree for their personal data to be held by a system – typically by proactively ticking a box in a sign-up screen which must be empty by default. How that will be interpreted for the systems of organizations which require to hold personal data such as HR and payroll systems – and security systems – is not yet totally clear, and statements in employee terms and conditions of employment may still be sufficient. Visitor Management systems need to be considered too, as some personal data of visitors either in a Symmetry database or as video will also normally be held.
Video Management Systems, and the retention periods for storage of video data fall under the GDPR regulations as well. As with all personal data recorded by business systems, as long as there is a genuine need for the data to be held for a given length of time, and the systems have been considered and recorded by the organization’s data protection officer in line with the new regulations, there should be no major implication for the Symmetry user in terms of the continuation of their physical security arrangements.
AMAG certified resellers with customer sites in Europe, and security managers in Europe should familiarize themselves with the new regulations and co-ordinate with each organization’s data protection team to ensure that their activities are fully compliant.
To learn more visit: http://www.eugdpr.org/
The robot, called Bob, is carrying out tasks such as patrolling the offices, and monitoring the environment, checking doors are closed and that desks are clear. This is the first time that an autonomous robot has been deployed in a working office environment to do a real job.
By AMAG Technology, VP of International Sales, Ramon Grado
An industry colleague recently reminded me, “Perfection is the enemy of ‘Good Enough’.” So what does that have to do with Physical Security and Physical Security Information Management (PSIM)? As security professionals, shouldn’t we strive to do our very best to protect people, property, assets and reputations?
The answer is a resounding “Yes, but…” Most of us work under the constraints of limited resources, be they CAPEX and OPEX funds, time, personnel or energy. So, as a result, expenses get spared, people get cut, projects get scaled back or delayed and the goal of increased Situational Awareness and an improved response to threats becomes a faded or distant vision.
Borrowing from a fellow blogger, “PSIM systems are ungodly expensive. Not only that, but they take 12-18 months on average to implement. And at the end of the day, for all that valuable Security budget, PSIM doesn’t provide a complete solution.” While not all PSIM projects go that way, it is a fair description of most large-scale attempts to connect the unconnected. Most of you already manage physical security information to some degree. Increased Situational Awareness begins with defining objectives. The next step should be looking at existing tools, not always looking to place an overhead layer above them.
Surprise: some of the tools you are using, including AMAG’s Symmetry access control system, have the capability to provide increased Situational Awareness by allowing users to better manage the information they already capture, transmit, analyze, display and store. It is often a matter of adding context, not necessarily cost. This can be accomplished by activating existing functionality such as Visitor Management, Threat Level, Video Analytics or Workflows. Symmetry also offers integration with complementary systems such as VMS, intercom, biometrics, EAS, IDS and yes, if you require it and have the budget, full-blown PSIM systems.
So we return to my original point: what is good enough? This begs the question, “What are you trying to accomplish?” If we cannot define what we are trying to accomplish, then we are not prepared to evaluate solutions. As some end users of security systems are finding, often the solution to their particular security problem is just an enhancement to their existing system(s) or simply taking advantage of the features that are already embedded and available in them. Often all that is needed is some additional training or orientation, worst case a minor investment in expansion modules and/or Professional Services to create increased Situational Awareness.
Food for thought for next time: why do end users spend so much time, effort and money on systems to record and playback video of the horses leaving the barn instead of spending a little more on systems aimed at controlling access and keeping the barn door closed in the first place?
By EBS Program Manager, Shae Taylor
AMAG works to provide exceptional customer service to our customers every day. With so many technologies available to customers, it’s important to work with third party companies to meet the changing demands of customers and provide a cohesive and supportable multi-technology environment. AMAG’s Extended Business Solution Program does just that. It offers a clear integration path, certified by AMAG, to offer customers the integrated solutions they want. I am proud to say that 2013 was a successful year. Twenty-two new partners signed up for the EBS program, and 14 certified integrations were added to our list of integration offerings. A few partners are highlighted below. For a complete listing, visit the EBS webpage.
Salient – Symmetry integrates with Salient’s CompleteView v4.0 product to provide live and recorded video in the Symmetry video matrix, the ability to associate video to access control events, and receive motion alarms from the Salient NVR.
Entertech – Integrating Entertech’s BioConnect v2.0, Symmetry customers can utilize Entertech’s Suprema biometric readers for enhanced access control solutions.
PPM 2000 – Symmetry’s integration with PPM2000’s Perspective v3.3 allows Symmetry users to take advantage of Perspective’s powerful user account control and incident reporting capabilities to bring a complete workflow and situational awareness to our mutual customers.
Future Fiber Technologies – With FFT CAM v3 and Symmetry integrated, customers can take advantage of the robust perimeter detection offered by FFT and maintain a cohesive user experience by receiving those alarms through the Symmetry Alarms screen.
We are continually adding more integrations to our Extended Business Solutions program in an effort to provide our customers with choices that meet their unique needs.
For more information please contact Shae Taylor, Extended Business Solutions Manager firstname.lastname@example.org.
Or visit our website www.amag.com for more information on the program and a full list of our integration partners.