Friday, July 31, 2009

Legal and Compliance help for Security

Over the last couple of years, there has been so much discussion around Security and IT "convergence". I myself have sat in meetings with the reluctant IT team who, due to "Streamlining" and "Downsizing", has been placed in charge of a disparate video and access control system.

Issues can be raised on both sides. The Security Team loses control of assets that are very important to getting its basic job done. The IT Team has a better understanding of the underlying infrastructure required for many of the modern security systems. The Security Team should be open to the idea of not having to support a fully networked system, because it frees them up to focus on their primary objectives. The IT Department ticketing system is cumbersome, and it is difficult to get immediate answers to problems through it. These types of issues often raise walls between the teams, which seem impassable.

But consider for a moment who the internal customers of the security system (specifically CCTV) might be, and how the ongoing argument and apparent gridlock might affect them. Consider the Legal Department first. Imagine a consumer filing a complaint that says they slipped in a back aisle of a store. The Legal Department calls upon the Security Department to show all video from the store's CCTV system that might prove or disprove the case. The Security Department connects remotely to the in-store recording system, downloads the appropriate video, and centrally stores it for legal purposes. A timely presentation of video shows the consumer set up the scene and acted injured. Case closed. But if the video system is not connected to the corporate network, the process becomes quite cumbersome, and "chain of evidence" risk and time delays become standard!

Compliance is another group often affected by a security system's remote connectivity. The Standard Operating Procedures (SOP) of an organization may require that a branch maintain at least 90 days of storage in a retail bank's video recording system. With proper network connectivity, and centralized management software showing "Days on Disk" in a spreadsheet-type format, a regular compliance check of the system, done immediately and by the Compliance Officer themselves, is natural and simple. Imagine attempting to accomplish the same goal with potentially hundreds of individuals (store managers or technicians) following a written process of querying the recording system and reporting back to a central group of people, in the hope that, at some time, the information can be compiled and put into a spreadsheet-like format with a limited number of errors.

Take heed, Security Managers: maybe "discussions" with IT about the cost of them supporting your large rollout of NVRs are NOT such a huge issue. Perhaps gaining the ear of the Legal Department is another way to overcome these impasses and maybe even provide increased budget...

Security Caffeine...
