Quality is now a big selling point for security systems, due at least in part to increased corporate and personal liability in today’s workplaces. All solution manufacturers will claim that they produce quality products for their customers, but how can purchasing end users actually prove for themselves a given security system is all that it claims to be? Here, Steve Bell provides some useful pointers.
A high-quality security system is, of course, an extremely important part of any successful risk management regime. Poor quality security products and software have the potential to result in high replacement costs, lost productivity and income, damage or loss of plant and property, injury to people or – in the most extreme of cases – even loss of life.
When everyone’s talking the high-quality game, though, how can you as the purchasing security and risk management professional ensure that a security solution is up to the required standard?
How to prove quality
Proving quality can be tricky. It’s something you need to assess during the due diligence process. There are some essential pre-purchase questions you can ask of potential vendors to help determine whether or not what you’re buying meets ‘The Gold Standard’ when it comes to quality.
* Does the manufacturing company have a dedicated Quality Assurance team?
* Are there multiple quality checkpoints throughout the development and production process, and not just at the beginning and the end?
* How does the manufacturer test its software? Best Practice today involves the use of automated testing, whereby each build of the software is fully exercised.
* How reliable is the company in delivering a new version/product on the date specified?
* What is their process for resolving technical queries? How are issues recorded and addressed, and is feedback shared where and when appropriate?
* How confident is the manufacturer in terms of its hardware? This is evident in the warranty period – one year indicates a lack of confidence in the product, whereas a warranty of five years to a lifetime means it’s backed to the fullest.
* Does the manufacturer use penetration testing to externally verify the security of the product?
* How accessible and responsive is the manufacturer?
In short, can the vendor prove that quality is thought about and baked into the end-to-end design and manufacture of the product that you’re buying?
Support questions with thorough research
Of course, many suppliers will answer these questions positively, regardless of the reality. That being so, make sure that you back up your questions with some research. How do they demonstrate their focus on quality? Can you ask to visit their factory or a client site to see the product in action?
You can discover a whole lot about a company by asking for references from existing and previous clients. Find out how long they’ve been with the company, whether they’re having a great experience and how any problems are responded to and resolved.
Some would argue that quality can also be judged on cost by simply looking for who has the most expensive system. Alongside other measures, I think this has some merit. The old adage ‘you get what you pay for’ has a ring of truth about it, and I believe quality in security is absolutely worth paying for.
Quality process standards like ISO 9001 are another good starting point. They will ensure that the company has some processes in place that should deliver reliable results, but to achieve a ‘Gold Standard’ quality security system takes more than that.
The manufacturer must understand the needs of the security market and listen to the real life problems and risks that end users are trying to resolve and mitigate on a continual basis.
Manufacturers should be dynamically updating their offer to meet the changing environment. If they don’t, then the system you purchased two years ago with the expectation that it would last for seven-to-ten years may struggle to meet your evolving expectations.
It’s important the manufacturer can provide options to move forward through generations of a product as painlessly as possible. Is there an incremental path for you to migrate to the emerging security technologies – both hardware and software? This particularly applies to cyber security updates after the original purchase is made.
Ongoing support and system updates
It’s key to ask whether ongoing support and updates are provided after you purchase. It’s especially important to ensure that it’s possible to upgrade firmware, not just software applications, within the solution you choose.
A good example of this is that many end users have been caught out with a system that has not stayed up-to-date with the current operating systems, and their Windows XP server is no longer approved by their IT policy. This requires a major replacement project rather than an incremental upgrade. The last thing you want is to have to rip out and replace a whole lot of stuff because of a major upgrade.
Ultimately, there’s no replacement for your own high standards. Quality means different things to different people and you need to decide what’s important to you and your appetite for risk.
What’s the impact on your business if a privacy breach occurs and staff or client information is exposed? Define the evidence you need to be able to trust you’re receiving what you paid for.
Most of all, make sure that you have a good contract or agreement in place that covers the supplier’s obligations as part of the due diligence process.
Ultimately, you’ll never regret buying quality, but you must do all you can to ensure this is indeed the case.
Steve Bell is Chief Technology Officer for Gallagher Security