WA RREN J. BUJOL, IBERIA BA NK MA TTHEW RONIG ER, IBERIA BA NK

Physical Security Standards

Physical Security Standards

Agenda Making a Case for Physical Security Why have Standards? Risk Assessments - Justifications Alarm Standards Camera Standards Security Pack Standards Access Control Standards Training Executive Protection

Physical Security Standards

Disclaimer: The views expressed in this presentation are those of the

presenters. The content represents the work and opinions of the presenters and do not necessarily reflect the views of the Directors and Officers of IBERIABANK.

Making a Case for Physical Security

Bank Protection Act of 1968 Board Approved Written Security Program Designation of a Security Officer Establish a Security Program

To include opening and closing procedures Procedures to identify persons committing crimes Cameras, bait money, dye packs, track packs, etc.

Provide initial and periodic training t0 officers and employees in their responsibilities under the security program

Provide for operating, testing, and maintaining appropriate security devices

Making a Case for Physical Security

Security Devices – Each member bank shall have, at a minimum, the following security devices: A means of protecting cash and other liquid assets, such as a vault,

safe, or other secure area; A lighting system for illuminating, during the hours of darkness,

the area around the vault, if the vault is visible from outside the banking office;

Tamper-resistant locks on exterior doors and exterior windows that may be opened;

An alarm system or other appropriate device for promptly notifying the nearest responsible law enforcement officers of an attempted or perpetrated robbery or burglary; and

Making a Case for Physical Security

Such other devices as the security officer determines to be appropriate, taking into consideration: the incidence of crimes against financial institutions in the area; the amount of currency and other valuables exposed to robbery,

burglary, or larceny; the distance of the banking office from the nearest responsible

law enforcement officers; the cost of the security devices; other security measures in effect at the banking office; and the physical characteristics of the structure of the banking

office and its surroundings.

Standards

Definition: something established by authority, custom, or general consent as a model or example.

Why have Standards? Industry recognized practices; peer-reviewed Uniformity Mitigate Risks Ease of Use, Training, and Maintenance Vendor Relationships Limit Liability

Risk Assessments

Risk Assessments

Foundations and Budget Justification of Standards ABA Robbery Tool Kit Peer Financial Institutions Develop your own

Risk Assessments

Allows for rating of branch locations depending on variables such as: Robbery and other criminal history at or around location Staffing at location Type of building Where the Financial Center is located Major Road access Public Entrances into the branch lobby Vehicular Entrances to Premises Visibility into the branch Physical Security deployed by nearby bank branches Cash limit at location Other variables that you deem necessary

Risk Assessments

Scoring and Ratings Risk Rating 1 Risk Rating 2 Risk Rating 3

Assessment Time Frame Every two years Annual Every six months

Deployment of Physical Security is tied to Risk Rating

Alarms

Alarm Standards Type of panel

Intrusion Fire Combination

Communication method Network / Cellular / POTS (analog telephone line)

Keypad v. Panel Zones v. Areas Alarm Code v. PIN

Alarms

Monitoring Response Plan. What do you want the monitoring company or

your monitoring console to do when an alarm activates. False alarm management. Most LE agencies now have a false

alarm fee. Maintenance Contracts

What does it include? Preventative Maintenance – scheduled? Labor only? Parts and Labor?

Alarms

Permitting Cabling False Alarm In many jurisdictions, businesses are being fined for too many

false alarms ($50 - $150 fines) Business being monitored Life Safety – Fire Marshal

Alarms Bank Name Branch Name Branch Address City/State/Zip

Alarm Site # Alarm Installer Installation Manager

BRANCH ALARM SYSTEM Type of Alarm Panel

COMMUNICATIONS Network IP Address = Switch Port = Network NAT IP Address = Subnet Mask = Default Gateway = DNS 1 = DNS 2 = DNS 3 = SIM #

AREAS 1 Includes all detection points related to PREMISES Access (door contacts, window contacts, motion detectors, etc.) Front Door contact, Rear Door contacts

2 Includes all detection points related to CASH PROTECTION Devices (Vaults, Cash Safes, TCR, Night Deposit Vault, etc.)

3 Includes all detection points related to ATMs (SHOULD BE ARMED AT ALL TIMES) 24 hour zone

4 Includes all detection points related to OTHER areas as layout directs

PROFILES/AUTHORITY LEVELS 1 Manager - (all access points) all access areas 2 Associate - (premise access only) Area 1 only 3 Vault Custodian (Vault or Cash Safe) Area 1 and Area 2

4 ATM Custodian (ATM) Area 1 and Area 3 (ATM SHOULD BE ARMED AT ALL TIMES) 5 Janitorial (premise access only) Area 1 only 6 Maintenance (premise access only) Area 1 only

ZONES All Burglary Points Front door contacts Rear door contacts Motion detector

All Holdup Points Teller 1 HUB (hard wired) Teller 2 HUB (hard wired) Office 1 HUB (remote - wireless) Office 2 HUB (remote - wireless) Office 3 HUB (remote - wireless)

All Duress Points Keypad duress ATM duress

USER CODES 1 DURESS CODE 2-39 Branch Alarm Users Branch associates needing an alarm code 40 Janitorial Alarm code for the janitorial 50 Facilities Services Alarm code for the facility maintenance technicians 99 Alarm Technicians Alarm code for the Alarm Company technicians

500 Temporary Contractor Code Alarm code for contractor - premise only

Cameras

Camera Standards Type of cameras

Box, dome, interior, exterior Analog v. IP cameras

Cost, storage capacity, Areas needing coverage v. lenses

Mounting instructions (height, location, etc.) DVR, NVR, SD cards (IP cameras)

Storage capacity (GB v TB) Installation standards and directions Branch bandwidth needs v. camera bandwidth needs

Cameras

Viewing capabilities On-site v. remote capabilities

Transactional data Tied to camera image, access to customer data, real time v. daily

dump Health Monitoring User Management

Who can view your cameras? Procedures for subpoena request for video

Maintenance Managed Services Permitting

Cabling - Low voltage installation

Cameras Bank Name Branch Name Branch Address City, State, ZIP CODE

Video Vendor Video Installation Manager

Name of Video System Wire Run - Location Mounting Instructions

16 Camera System 13 Cameras 1 ATM Camera

1 ATM Camera 1 ATM Unit Yes Pre Installed Inside Unit

3 Exterior Cameras 2 Canopy Mount - ATM OV Yes Wall Mount - Pelco Outdoor Housing 3 Wall Mount - Night Drop OV Yes Wall Mount - Pelco Outdoor Housing 14 Wall Mount - Front Exit Shot Yes Wall Mount - Pelco Outdoor Housing

10 Interior Cameras 4 Inside Wall Teller Line 1 Yes Contract to build out box in wall 5 Inside Wall Teller Line 2 Yes teller line cameras installed in box 6 Inside Wall Teller Line 3 Yes " " 7 Wall Mount Teller Line OV Yes + or - 7' 6" No higher than 8' 8 Wall Mount NightDrop/Cash Vault Yes + or - 7' 6" No higher than 8' 9 Wall Mount Teller Work Room Yes + or - 7' 6" No higher than 8' 10 Dome Mounted (Lobby Overview) Yes Ceiling Mount 11 Wall Mount - Rear Exit Yes + or - 7' 6" No higher than 8' 12 Wall Mount - Front Exit (Door) Yes + or - 7' 6" No higher than 8' 13 Wall Mount - Front Exit (Door) Yes + or - 7' 6" No higher than 8'

Equipment Head End Server Room Rack Mounted

Type of Recording system Switch Port = IP address = Subnet mask = Gateway = Primary DNS = Secondary DNS = SMTP server = Email address where alerts should be sent = securitydvr@iberiabank.com

Notes: Rack Mounted unit Altronix HubWay 16CD

Security Packs

Security Packs Track Pack v. Dye Pack

Pros and Cons Costs Maintenance Notification Comfort Level

Access Control

Access Control Standards Define what access control is in your environment

Full blown access control system monitoring doors Simply locks that prevent unauthorized persons into areas

Access Control

Monitored Access Control Determine what type of system is needed Determine what doors need to have monitored access control Determine what type of lock is needed Determine what type of reader is needed Determine what type of card will be issued

Physical Security Training

Users Define who your users of Physical Security equipment are? Who manages your users?

Training Who trains the users on the Physical Security equipment?

How is it conducted? (Train the trainer, in person training, conference calls, WebEx, vendor training)

How often is it conducted?

Executive Protection

Risk Assessment Alarms Cameras Access Control Training

Physical Security

Questions???