Keen to comply
09 February 2017
David Roscoe explains why certification is a benchmark to which risk-management service providers should aspire in order to provide assurance for customers of high standards
IN A competitive and evolving market, how do providers of important risk and facilities management services make their mark, demonstrate their credentials, expertise and adherence to best practice, and win business in the areas of security, fire and management systems?
How, too, can the specifiers and end users of these services ensure that they are providing the highest levels of protection for their staff, facilities, visiting customers and on-site contractors? Equally, will the measures they implement satisfy insurance requirements by complying with both current and future legislation, as well as with response criteria imposed, for instance, by fire brigades and the Police?
It’s ironic that, in these days of Which? magazine and social-media recommendations, as well as government-backed and commercial initiatives such as TrustMark, Checkatrade and Trustatrader, third-party certification advantages aren’t more widely acknowledged. Practically speaking, they can give service providers the edge on their competitors, and provide customers with the reassurance they need.
Take this example: when a ‘Type A’ (remote-signalling) intruder alarm system in a facility is activated, it needs to be confirmed by an alarm receiving centre (ARC) ‒ or, in the case of CCTV surveillance systems, a remote video response centre (RVRC) – before the Police are alerted. In addition, such systems must be installed by a certificated provider under the Security Systems Policy of the National Police Chiefs’ Council (formerly ACPO). System providers who install, maintain and monitor security systems for Police response are audited for compliance by a certification body accredited by the United Kingdom Accreditation Service (UKAS).
Without this, and the associated Unique Reference Number (URN) assigned by the Police, level one (i.e. immediate) Police response simply won’t be available, thus exposing the facility to a range of risks, including, potentially, theft, vandalism, arson and attacks on staff.
Arson damage alone is enough to cause a company to go under. Even if it survives the initial impact of the incident, the business interruption, reputational damage and insurance-related costs can all have a significant impact, so the stakes are high.
The aforementioned Security Systems Policy also requires conformity to several British Standards. For example, systems monitored by an ARC or RVRC must conform to BS EN 50518 ‒ a revised version of which, incidentally, is being introduced in 2017. Importantly, the certification auditing process encompasses all relevant standards – whether the audit covers an intruder alarm system, or any other type of equipment.
So what exactly does the certification process involve, in a practical sense? Is it an onerous procedure for the risk-services provider? And does it really provide further reassurance for the customer?
Security Systems and Alarms Inspection Board (SSAIB) inspector Peter Cowell, whose tenure in the security industry has involved time spent on the other side of the fence, working for companies including Thorn Security and HSG Security, points out that the bar is set high but there are compensations. He explains: “We’ll only certificate companies that can demonstrate technical and managerial competence through an inspection of the processes and procedures they operate. Having said that, we’re friendly, approachable and non-bureaucratic.
“Certification means you can be confident in the quality of service you provide. Insurers increasingly require evidence that all steps have been taken to mitigate risk and ensure the safety of personnel, and assets, within the workplace.
“SSAIB-certificated companies meet or exceed insurers’ requirements and, by using an SSAIB-registered company, customers ensure that their system has been installed to all relevant standards, by a provider that is competent in all its working practices.”
Cowell concludes: “Having accreditation brings value to a business, demonstrating that the company has been independently inspected and that it can and does meet relevant industry standards. It also demonstrates the firm’s expertise and professionalism and gives the end user peace of mind that they’ve chosen the right company to whom to entrust their systems.”
Security and fire risk assessments aren’t the only areas that benefit from the auditing process. Management-systems certification schemes can complement product certification, or run independently of it. Quality-management systems certification to the latest ISO 9001:2015 standard focuses on the business framework ‒ management processes, continual improvement, identifying risks to the business, and customer satisfaction ‒ rather than emphasising routines and procedures.
Meanwhile, ISO 14001 is an international standard that specifies requirements for an environmental management system. It enables an organisation to develop and implement a policy and objectives covering legal and other requirements that it subscribes to, as part of its environmental management policy.
Similarly, compliance with OHSAS 18001 demonstrates that an organisation has considered all aspects of health and safety management in the workplace. This includes the health and safety of employees, contractors and visitors, as well as the introduction of robust procedures to ensure continual improvement and review.
Licensing and approvals
The benefits of certification and becoming a registered company don’t stop here; UKAS-accredited certification bodies are active in a variety of other associated areas, too. Security-manned services, such as keyholding and response, door supervisors, static site guarding, mobile patrol services, event stewarding and crowd safety are just some examples.
Security industry regulation requires inspection and licensing of defined manned-guarding service providers, including those engaged in public-space surveillance, security guarding (except for in-house staff) and cash and valuables in transit. In addition to licensing individuals the Security Industry Authority (SIA) operates a voluntary Approved Contractor Scheme, under which organisations that meet agreed standards may be registered as approved. This helps raise performance standards. Bodies approved by the SIA to assess the scheme, including SSAIB, inspect these providers against criteria such as British Standard Codes of Practice. Approved scheme providers can then advertise themselves as such. This offers potential end-user customers an additional layer of reassurance, in that these providers have demonstrated their commitment to delivering a quality service.
Recently, commercial, domestic and professional investigative services have been included within UKAS certification, under the umbrella of the BS 102000 Code of Practice.
This standard provides recommendations regarding conduct, management, staffing and operational accountability in the provision of investigative services and helps providers demonstrate their accountability ahead of potential government licensing of such services in the future. It’s good news for customers like financial institutions, law firms, local authorities and other businesses that require individuals to be traced, pre-employment and background checks to be carried out, tenancy fraud examinations to be completed, or court documents to be served.
Other examples of commonly conducted investigations include: vehicle insurance-claims validation, beneficiary tracing, property attendance reports, DVLA searches, credit-card recovery, injury and sickness investigations and housing tenancy-fraud services.
Third-party certification is also now required for public-sector camera schemes, under the surveillance camera commissioner’s code of practice. This is set in the context of a draft national surveillance camera strategy for England and Wales, one of the aims of which is to enable system operators to demonstrate compliance with the surveillance camera code of practice and other guidance.
Commissioner Tony Porter has ambitious plans for the code, which he has described as a “universally accepted example of good practice”. He has also warned scheme operators of the need to comply with the code’s 12 guiding principles, in accordance with the Protection of Freedoms Act 2012. His stated aim is to “achieve local authority compliance by the end of 2018”.
The commissioner is required to ensure that ‘relevant authorities’, including local authorities and the Police, comply with the surveillance camera code, but some organisations, such as Community Safety Glasgow’s operations centre, have already adopted it voluntarily.
The centre’s public-space CCTV activities aren’t covered, since the commissioner’s remit does not officially cover Scotland. Nevertheless, Community Safety Glasgow believed that voluntary assessment would show a strong commitment to best practice and demonstrate its alignment with the commissioner’s drive to raise standards across the industry through the certification scheme.
Major retailer Marks & Spencer also recently sought certification, after realising that adopting the code would provide transparency and consistency throughout its operations. As the first UK retailer to comply with the code, the company has already found that, as well as protecting its customers and staff by providing a safe and secure shopping and working environment, there are other benefits. These include, for example, cost reductions through value management and rationalisation of CCTV systems against their need and purpose. A reduction in the installation programme has also saved costs and minimised retail disruption.
On the fire-risk management side, British Approvals for Fire Equipment (BAFE), the independent third-party registration body for the fire protection industry, brought in the SP205 UKAS-accredited certification scheme, following the introduction of the Regulatory Reform Order (Fire Safety) 2005. The SP205 certification scheme enables anyone required by law and known as the ‘responsible person’ or ‘duty holder’ to carry out a fire risk assessment of a premises. This includes those who employ a specialist third-party company to provide this service, so they can demonstrate that they’ve taken the necessary reasonable steps to comply with their legal obligations.
As with security-sector certification schemes, a successful SP205 audit enables fire risk assessment providers to market their accreditation to end users as a benchmark recognition of their capability. It shows they have the required technical and quality management competency, and that their assessors possess the relevant proficiency and knowledge.
David Roscoe is security systems and ARC scheme manager at SSAIB. For more information on SSAIB schemes, visit www.ssaib.org