Deploying a PSIM platform across an enterprise is unlike any other Security investment in that it reaches across all stakeholders within the enterprise. This article gathers useful insights from our experience gained deploying some of the largest and most complex PSIM deployments in the World today. It provides a short overview on the steps that need to be taken to ensuring a PSIM solution that will fulfil your organizational requirements both today and tomorrow.
1. Business Case
Highlights: As in any capital investment, a supporting business case justifying the financial and human capital investment is required. Deploying a PSIM platform across an enterprise is unlike any other Security investment in that it reaches across all stakeholders within the enterprise. When developing your business case be sure to incorporate input across and most importantly attain buy in from these key stakeholders as early in the process as possible.
Proof Statement: PSIM consolidates and automates a businesses’ Operating Procedures across an organizations security framework. A holistic PSIM implementation meeting the ambitions of the business will be achieved when participating department heads contribute to the business case.
Risk: Short cutting this process could result in late stage challenges by key stakeholders delaying your schedule and/or increasing project cost.
2. Well Defined Objectives
Highlights: Without well-defined objectives a PSIM deployment could fail to meet the expectations of all stakeholders. Objectives need to reflect the requirements for the system (or of the business) in order of priority, and should been set in phases aligned to the PSIM role out.
Proof Statement: When defining PSIM objectives you need to ensure there are;
• Quantitative: The PSIM objectives should be easily, measured, monitored and reported,
• Time-frame specific: Time frames should be specified in all of your PSIM objectives,
• Flexible: PSIM technology is extremely powerful; it will redefine the way you work. It is important to revisit your objectives regularly to ensure they reflect these changes,
• Understandable: The PSIM objectives should be created in an understandable way that can be easily communicated without having to decipher jargon,
• Realistic: It is important that the PSIM objectives are realistic, or you may end up disappointing your stake holders and yourself.
Risk: Your PSIM solution will only meet your objectives if they are clear and understood by all key stakeholders.
3. Risk Management
Highlights: All organizations are averse to risk. Managing risk is therefore fundamental to any PSIM deployment. Failure to account for risks in the technical, schedule and cost domains can quickly doom a project. The emphasis on stakeholder needs, requirements based design and thorough integration testing all serve to ensure that risks will be identified and an effective mitigation plan can be developed early in the design process. Ensuring your PSIM provider has deep integrations, backed by solid technology partnerships with the manufacturers of connected systems is vital.
Proof Statement: Creating an up-to-date risk register and communicating this along with its likely impact to all key stakeholders will ensure that all risks are quickly identified, understood and escalated before they jeopardize a PSIM deployment.
Risk: Without suitable risk management a PSIM deployment could be jeopardized.
4. Scalability & Flexibility
Highlights: Every organization changes overtime, be it through M&A activity or through natural growth or staff changes. Furthermore, processes are constantly evolving to meet changing business and compliance requirements. PSIM is a long-term investment; a decision made today will need to support your requirements tomorrow, whatever they may be.
Proof Statement: Ensuring you choose a PSIM solution that allows you an easy and cost effective path to scale up or down to meet your needs will reduce the risk of needing to change systems a few years down the line.
Risk: Choosing a PSIM solution that does not scale or allow you to easily change in-line with your evolving process will mean you need to upgrade your PSIM system prematurely.
5. Fail to Plan, Plan to Fail
Highlights: An enterprise wide PSIM deployment takes detailed planning and constant communications to ensure all of the critical deadlines are met on time. Managing multiple vendors and internal departments is a full time job in itself.
Proof Statement: Employing an experienced full time Technical Project Manager (PM) will help to ensure all of the moving parts of a PSIM deployment are as expected and on schedule. Selecting a PM who has experience in deploying large IT systems will further reduce the risk of missing deadlines.
Risk: A PSIM deployment without a PM can take longer than expected, resulting in a deployment that falls behind the expectations of stakeholders.
6. Ensure all Requirements are Identified
Highlights: Taking a systems approach to this process provides greater likelihood that requirements definition will be both more thorough and more accurate due to a systematic approach to elicitation of requirements from stakeholders.
Proof Statement: It is therefore essential to develop an Operational Requirements Document (ORD), which will help ensure a 360 degree audit to ensure a complete list of requirements is gathered. This will go through each of the systems and identify input & output requirements such as external interface requirements and functional requirements, as well as defining system-wide and technology requirements such as performance and usability requirements.
Risk: An incomplete Operations Requirements Document could lead to unhappy stakeholders and could add time delays to achieving a system that is approved by all.
7. Establish Change Management Rules
Highlights: A PSIM deployment could involve hundreds of individuals from across an organization. The power of the technology and its ability to apply and enforce rules universally needs to be considered. A seemingly simple change in the system can have far reaching implications across an organization. Therefore each request for change, no matter how trivial, needs to be recorded and approved.
Proof Statement: Establishing rules on how to manage requests for change outside of the scope of works needs to be documented prior to a deployment. Establishing clear roles within the organization and approval processes for such changes will support this activity.
Risk: Without documented change management rules the complexity of features and requirements can quickly change resulting in a system that does not meet the original objectives.
8. Establish Partnership with Key Stakeholders
Highlights: Installing a new PSIM solution is a complex business. Without the support of all stakeholders including Security, IT and operational departments the deployment will be fraught with conflicts and departmental rifts.
Proof Statement: Establishing cross departmental partnerships and getting all key stakeholders behind the common objectives is key to getting the support needed to deploy an enterprise wide PSIM solution. Keeping regular scheduled communications with all stakeholders will enable any issues to be quickly identified and managed.
Risk: Without support from all key stakeholders a PSIM deployment will take longer to achieve and will create conflicts leading to timelines slipping.
9. Plan for Change, “Things Will Not Go As Planned”
Highlights: As with all the of best laid plans, not everything could go as expected. A PSIM deployment will unearth issues which had not been previously identified. This could add delays and cause friction with stakeholders and vendors alike.
Proof Statement: Ensuring there is flexibility and contingency in your plans will help to ensure deadlines and expectations are met. Working closely with your PSIM vendor and using the wealth of experience they have in these types of deployments will help guide you to creating a plan that factors in some contingency for the unknown.
Risk: Without flexibility and contingency in the PSIM deployment plan you are risking missing deadlines set.
10. Select the Right Integrator
Highlights: PSIM is unlike any traditional security systems, as it combines a wide range of disciplines; physical security, networking, IT systems and business systems. Many traditional physical security integrators are unprepared for this convergence between physical security and IT systems and simply didn’t have the skill sets required to deliver PSIM solutions
Proof Statement: Ensuring your PSIM integrator has the relevant IT systems engineering, project management and physical security experience will help to ensure smooth deliver of your PSIM deployment. Pay particular attention to the integrators certification by the PSIM vendor, which is something all reputable PSIM vendors should be actively providing their integration partners with.
Risk: Without suitable certification and proven experience, an integrator can add considerable risk to a PSIM project.