5.9.25 – SSI- Steve Bassett
Security standards are the crucial guidelines that explain why, what and how physical security systems are set
A new client has reached out to ask for a detailed plan to set up a security system for a brand-new building. They give you the building’s layout, show you a similar project they’ve done before and ask for the proposal within two weeks. You finish the proposal on time and get hired for the job.
After you complete the installation and review everything together, the client tells you that the final result isn’t what they were hoping for or what they had asked for.
In my previous experience as someone who put things together, I’ve heard this many times, as have many of my coworkers. What’s going on? Is the customer being too difficult? You did exactly what they asked for, so why is there a problem? Maybe the real issue is that the right questions weren’t asked from the start.
Meeting Security System Needs with Standards
As a security consultant, we’re often asked to help businesses with technology-related problems. This might include replacing outdated or incompatible systems or adding new features to existing security setups. Before I examine a site, a system, a design or plans, I always ask a key question: “What are your security technology standards?” I can’t tell you how many times I hear, “What do you mean?”
In many security organizations, no clear standards were ever put in place, or over time, due to company mergers, leadership changes or a lack of experienced security managers, those standards became outdated or forgotten.
Security standards are the guidelines that explain why, what and how physical security systems are set up. In the example at the start of this article, they showed you a location similar to yours. Is that setup in line with the current security standards?
If a company doesn’t have any security standards in place, it means others might be making decisions about security that don’t match what the company believes or expects. When starting work with a new client or even with an existing one, asking to see their security standards should be one of the first questions you ask.
A key part of these guidelines is understanding the reason behind them. Why are we installing this technology at this particular site? What problem is the customer trying to solve?
For example, when working with a client who manages critical infrastructure, their main goals are to keep their site secure, prevent unauthorized people from getting in, and ensure their operations run smoothly. Without a clear plan based on careful assessment of the risks, they might not meet these goals.
Taking All Factors Into Consideration
Adding security cameras or sensors inside the facility can help alert you if a breach happens, but it might be hours before authorities can respond, and by then, damage could already be done and the intruders may be gone. Instead, if we base our approach on the specific risks involved, it might be better to install security measures outside the building to detect threats early on.
Security policies are just as important as security standards. They provide guidelines on how to properly use security tools and technology. The effectiveness of security systems depends not only on the equipment itself but also on how people, including security staff and employees, follow these policies. Different locations may have different security needs, so their policies can vary.
For example, Site A might have stricter security rules than Site B, requiring extra measures like special access controls, more cameras, or additional security devices. When we helped a customer select a weapons detection system, we also asked what their policies would be for using it.
After discussing, we realized it was necessary for them to develop a comprehensive security policy that clearly defined how the weapons detection system should be used and managed.
Developing a Security System Playbook
From my experience working in the industry, I’ve seen that most security teams often don’t have this important tool called a security playbook. A security playbook, especially for physical security technology, is like a step-by-step guide that helps ask the right questions.
For example, if you install a security system, connect everything properly, and it works—yet the customer says, “This isn’t what I wanted,” a playbook can help avoid that confusion. It sets clear rules and expectations, such as which type of camera should be used in a certain area based on security needs, or where to place two-factor authentication devices and how to set them up.
It also gives advice on how much extra space should be left in alarm system panels. In short, the playbook is a helpful guide that ensures all new installations, upgrades, and repairs are done consistently and according to agreed-upon standards.
Playbooks should be detailed guides that provide all the information needed to follow the established standards and make sure the right security technology is used in the right places. Often, playbooks are simple sets of instructions, like placing a motion detector in the lobby. The rules might say that all lobbies need motion detectors, and they should cover every entrance to the building.
In the playbook, it’s helpful to include examples of specific locations and what requirements they need to meet so the standards are properly followed. I also include my final documentation of the actual installed setup, showing how the design and standards were put into action.
Next time you’re on a sales call and the customer talks about wanting the best technology, all integrated with high-end security, it’s a good idea to ask some important questions. Find out what their security standards are, what policies they follow, and if they have a security playbook.
Let me share a story from my past to explain why this matters. I was brought into a company that was trying to add security practices to a business that installs fire alarms, sound systems, and audiovisual equipment. I looked for easy opportunities first: their existing customer base. I found a company that was having trouble with their security system and scheduled a meeting with the security manager.
This manager was new to the industry and inherited a system that didn’t work well and had many problems. The company that installed it before just kept putting quick fixes on the issues. My first question was, “Do you have a security standard?” We then spent two hours talking about what standards, policies, and plans they needed.
A few months later, I was asked to submit a plan to upgrade everything to meet the standards we discussed. They were considering two proposals: one from me and one from the original installer. The original company’s plan was to just update and improve their existing system, which was easier and cheaper. My plan involved completely replacing the system, which was more costly.
When I got the job, I was surprised to learn my quote was more than twice as high as the other company. I asked why, and the answer was simple: “The first time you came in, you asked me about our security standards. The other company never did.”
That made me realize that because I asked that question, I learned their true needs and standards, and they saw that our firm would actually meet those standards. The other company’s approach would never have achieved what they wanted.
Asking the right questions, and helping customers understand what they really need, will always lead to success.
Steve Bassett is senior director of security consulting for GMR Security.