We stated that the most important part of the management of security system selection was to justify the cost and balance the benefits of investment with the reduction of risk. At this stage, the assessment has been completed, recommendations vetted, and the benefits noted with costs justified to a Rough Order of Magnitude (ROM).
Perhaps even a Return-On-Investment (ROI) has been computed so that the ROM is reflective of the ROI, while not overspending or underspending.
Now is the time to get it right, the design, that is. Because the validity of assessment, opionion of probable cost, justification of ROM and ROI are inconsequential unless the system and its communications systems needs are designed properly or, in remote locations, even available.
Has anyone written everything down? Is there a good compendium that will support documentation in the event of an incident? Is the department protected in case of law suit? Can you justify to law enforcement that appropriate steps were taken? Because, to defray community concerns with hard evidence a matter of public opinion; that you did things right, not because you simply acted.
At this point, various memos, calculations, summations, and opinions have been broadcast, as well as presented to executive staff in a thoroughly professional manner. But, is there just one document that can represent the entire discussion representing assessment through recommendations, testing, and justification of numbers?
There is probably no single document that summarizes all the aspirations, conclusions, justifications, and sign‑offs. This is why the first phase of a good design project is called The Program of Requirements or simply The Program. The Program specifies in lay terms the thrust of the project, its dimension, the facts dealing with the expected costs, and summarizes expectations of infrastructure all the way through to monitoring. It is not an expansion of the PowerPoint presented to executive staff, but a ground‑up procedural document that details each step.
This one document is equivalent to the football playbook. It is The Program. It summarizes the plays, the degrees to which elements will travel, and puts into perspective the generalized aspects of a multitude of the plays to be expected through roll‑out and testing.
Does it identify the specifics? No. It must allow the flexibility to test all the elements because site conditions change, equipment varies, and contractors can only do their best with certain elements requiring highly technical skill sets in remote areas. So, even the personnel required by vendors and contractors may need addressing.
The Program could be one page or a hundred pages depending on the size of the project, complexities, detailed design, and relative complexity of disciplines such as site and civil, mechanical, electrical infrastructure, and communications. This usually requires a security engineering firm competent in all these disciplines to coordinate multiple site delivery strategies.
Here is a simple list of the first four (4) design phases required to specify the project (the last phase is Implementation which will be addressed in Technical Bulletin #6):
Phase 1 Program of Requirements Identifies the major requirements of the project from infrastructure to equipment and reflects on the operations that are required to match integration with sustainability and human interaction. It also summarizes delineation of work, costs, schedule, and critical and misunderstood communication requirements for remote networking and bandwidth.
Phase 2 Schematics Schematics form the drawing set which becomes the basis of the site plans with annotation for the required physical and electronic security documentation. Schematics would include a narrative of the required specifications in a shortened version. They usually represent only Part 1 Specifications which are reflective of system description and broad installation requirements.
Phase 3 Design Development Design Development gets into the particulars of the project and includes all disciplines and their relative effect on integration and coordination to make systems compatible and compliant within NERC CIP 014‑1 requirements. Design Development includes layouts of equipment, but usually not detailed infrastructure. It also includes Part 1 and titles for Part 2 Specifications in a more detailed way and is indicative of final input from the Owner and all changes that are expected. Once Design Development is signed off, it is expected that no further changes of major consequence will be made to the project either in equipment, infrastructure, or layout. Only minor changes such as conduit types, sizes of air units, structural specifications of fence, piping, etc., would be the expected variables or the scope of the project is changed and redesign must be addressed first.
Phase 4 Construction Documents Construction Documents may consist of either one submission or several until the Owner, User, Engineer, and Third Party approve of their application in offsetting threat and vulnerability to that level of acceptability specified in prior studies. Construction Documents represent a full set of plans which include:
- Description of work
- Site plan
- Detailed parcel plans and floor plans
- Integration diagrams
- System diagrams
- Panel layouts
- Lug and assembly points
- Port assignments and landing/termination documentation
- Device details
- Installation details
- Electrical details
- Panel schedules
- Grounding schedules
- Graphical user interface/touchscreen/command station layouts.
That is a substantial list. These projects are not commodity specifications of standard buildings, air conditioning, standard fire alarms, or standard lighting systems. These are particular “one-off” systems that are designed for security and public safety, including national security.
The Specification and Construction Documentation set comprises what will turn out to be the ultimate playbook for the success of the project both in complying with the assessment/recommendations and meeting the ROM/ROI requirements set forth through justification.
Hiring a Design Professional who has the integration experience of more than a dozen years, sees more security and facilities monitoring systems in one year than many utilities will see in 10 years, and has the breadth and experience to understand the nuances of good perimeter security is important. A good engineer will specify appropriate levels of proven product, providing sustainability for 10 or 20 years. This is an important factor for having specifications that bear scrutiny during construction and verification.
Because this is where the rubber meets the road, specifications form the highway to sustainability of systems. Put a little bit of money in and the road will be worn out in two years. Put a little bit more into the road and you may get five years. Build a substantial road with a great foundation and high-tech polymers and that road may last, even with heavy traffic, seven years.
Why and When are Specifications Required?
Specifications are ALWAYS required. Whether provided by an independent consultant, provided by your team, provided by the manufacturer, or provided by the design/build contractor, they are always required. Why?
Let’s look at this objectively. We’re all used to buying cars, dishwashers, washing machines, and large durable goods. Let’s stick with the car example. What if you bought car and you expected a five-speaker stereo surround sound and they gave you two little whizzer cone speakers in the side panels and said, “Well, we just couldn’t fit in the other speakers.”
What if your spouse couldn’t reach the steering wheel and they gave you ordinary mechanical seats instead of power seats and said, “Well, this is the only one they had in stock.” Would that be acceptable? Or, would you just pout, pay the bill, save the few dollars that they gave you back, and vent for the next three years while your spouse complains?
What if you lived in Michigan and they substituted rear‑wheel drive for all‑wheel drive? Would that be acceptable? This is why specifications written by an independent firm are much more valuable than those written by the manufacturer, vendor, or even the design/build contractor.
Let’s go one at a time. What do you get from each party if they write the specification?
- If the Manufacturer Writes the Spec The manufacturer is going to make their specification as proprietary as possible, and even put in items that they themselves might not be able to meet. But, it’s in writing and everyone else has to meet it. We have seen this several times in the past few years where manufacturers have specified product functionality, operation, or software that doesn’t even work in their system, but they expect you to reject the other competitor’s system based on their flimsy specification.
- If the Design/Build Contractor Writes the Spec The design/build contractor has overarching goals: to finish the project quickly, make a profit, and do it as expeditiously (that means economically) as possible. And while we might not be calling these “short-cuts,” we may be taking several steps that are intermediate and not maximally‑based on the needs of the client. For instance, when the specification does not include the latest technology for corrosion resistance of buried conduit, you can expect that conduit to absorb all kinds of water, cause grounds, and completely destroy the communication system upon which the system sensors are based. Meanwhile, the contractor saved several thousand dollars on a multi‑million dollar project. The several thousand dollars is much more important in the contractor’s pocket than it is in making you a better project for the next ten years. And, if you think the engineer that is hired by the design builder is independent, you might want to think that one through. It’s simple. Who pays the engineer? The contractor. Who does the engineer work for? The contractor.
- If the Independent Security Engineer Writes the Spec Having specifications written by an independent security engineer hired directly by the utility is the best answer. They represent you as the owner and only have one interest in mind; making sense of recommendations, completing the project on time, and meeting the targeted threat level in the most manageable manner. This method incorporates return‑on‑investment by reducing the dollars spent and keeping the project within budget and on time.
A Poor Result Reflects Poor Specifications
Let’s establish some criteria that have been otherwise accepted in past, poorly performing projects that we have witnessed in other installations.
Would you be satisfied with a specification or construction that left you with:
A 5-second card access read time?
Gates that took 3 minutes to open?
Video transmission at 3 frames per second?
Costs of cellular video approaching $100,000 per month from 40 sites or $1.2 million per year?
Specifications are more than just a playbook. They create the rules, regulations, and just as it states, the specifications by which performance must be measured, tested, and conformed.
When a project is complex, its solution circuitous, depend on a Professionally licensed Engineer with Physical Security Professional (PSP) Certification to complement the design, steer the electronics solution set, and provide your security personnel with an integration platform that is expandable, dependable, and sustainable.
This CIP START Technical Bulletin was issued by Professional Systems Engineering, LLC and prepared by Jerry ‘Dutch’ Forstater, PE, PSP. Mr. Forstater is a Professional Electrical, Electronics, and Communications Engineer licensed in 13 states and is Board Certified by ASIS in Physical Security. The firm has provided independent consulting and security strategy, design, specification, and construction expertise for almost 30 years. He is a graduate of the ASIS International Security Management Program through University of Pennsylvania’s Wharton School of Business, is a graduate of Worcester Polytechnic Institute, and has been providing significant corporate, utility, industrial, commercial, and related security and public safety programs since 1986. He is Vice Chairperson of ASIS International Philadelphia/Delaware Valley Chapter and former Board Member of the International Association of Professional Security Consultants. He is a Director of the Philadelphia-Delaware Valley Society of Fire Protection Engineers. PSE has provided significant physical security, electronic security, security lighting, and public safety 9-1-1/agency monitoring for law enforcement and corporate clients/agencies throughout the United States on installations that are critical to Homeland Security, infrastructure protection, and the public at large.