WA RREN J. BUJOL, IBERIA BA NK MA TTHEW RONIG ER, IBERIA BA NK
Physical Security Standards
Physical Security Standards
Agenda Making a Case for Physical Security Why have Standards? Risk Assessments - Justifications Alarm Standards Camera Standards Security Pack Standards Access Control Standards Training Executive Protection
Physical Security Standards
Disclaimer: The views expressed in this presentation are those of the
presenters. The content represents the work and opinions of the presenters and do not necessarily reflect the views of the Directors and Officers of IBERIABANK.
Making a Case for Physical Security
Bank Protection Act of 1968 Board Approved Written Security Program Designation of a Security Officer Establish a Security Program
To include opening and closing procedures Procedures to identify persons committing crimes Cameras, bait money, dye packs, track packs, etc.
Provide initial and periodic training t0 officers and employees in their responsibilities under the security program
Provide for operating, testing, and maintaining appropriate security devices
Making a Case for Physical Security
Security Devices – Each member bank shall have, at a minimum, the following security devices: A means of protecting cash and other liquid assets, such as a vault,
safe, or other secure area; A lighting system for illuminating, during the hours of darkness,
the area around the vault, if the vault is visible from outside the banking office;
Tamper-resistant locks on exterior doors and exterior windows that may be opened;
An alarm system or other appropriate device for promptly notifying the nearest responsible law enforcement officers of an attempted or perpetrated robbery or burglary; and
Making a Case for Physical Security
Such other devices as the security officer determines to be appropriate, taking into consideration: the incidence of crimes against financial institutions in the area; the amount of currency and other valuables exposed to robbery,
burglary, or larceny; the distance of the banking office from the nearest responsible
law enforcement officers; the cost of the security devices; other security measures in effect at the banking office; and the physical characteristics of the structure of the banking
office and its surroundings.
Standards
Definition: something established by authority, custom, or general consent as a model or example.
Why have Standards? Industry recognized practices; peer-reviewed Uniformity Mitigate Risks Ease of Use, Training, and Maintenance Vendor Relationships Limit Liability
Risk Assessments
Risk Assessments
Foundations and Budget Justification of Standards ABA Robbery Tool Kit Peer Financial Institutions Develop your own
Risk Assessments
Allows for rating of branch locations depending on variables such as: Robbery and other criminal history at or around location Staffing at location Type of building Where the Financial Center is located Major Road access Public Entrances into the branch lobby Vehicular Entrances to Premises Visibility into the branch Physical Security deployed by nearby bank branches Cash limit at location Other variables that you deem necessary
Risk Assessments
Scoring and Ratings Risk Rating 1 Risk Rating 2 Risk Rating 3
Assessment Time Frame Every two years Annual Every six months
Deployment of Physical Security is tied to Risk Rating
Alarms
Alarm Standards Type of panel
Intrusion Fire Combination
Communication method Network / Cellular / POTS (analog telephone line)
Keypad v. Panel Zones v. Areas Alarm Code v. PIN
Alarms
Monitoring Response Plan. What do you want the monitoring company or
your monitoring console to do when an alarm activates. False alarm management. Most LE agencies now have a false
alarm fee. Maintenance Contracts
What does it include? Preventative Maintenance – scheduled? Labor only? Parts and Labor?
Alarms
Permitting Cabling False Alarm In many jurisdictions, businesses are being fined for too many
false alarms ($50 - $150 fines) Business being monitored Life Safety – Fire Marshal
Alarms Bank Name Branch Name Branch Address City/State/Zip
Alarm Site # Alarm Installer Installation Manager
BRANCH ALARM SYSTEM Type of Alarm Panel
COMMUNICATIONS Network IP Address = Switch Port = Network NAT IP Address = Subnet Mask = Default Gateway = DNS 1 = DNS 2 = DNS 3 = SIM #
AREAS 1 Includes all detection points related to PREMISES Access (door contacts, window contacts, motion detectors, etc.) Front Door contact, Rear Door contacts
2 Includes all detection points related to CASH PROTECTION Devices (Vaults, Cash Safes, TCR, Night Deposit Vault, etc.)
3 Includes all detection points related to ATMs (SHOULD BE ARMED AT ALL TIMES) 24 hour zone
4 Includes all detection points related to OTHER areas as layout directs
PROFILES/AUTHORITY LEVELS 1 Manager - (all access points) all access areas 2 Associate - (premise access only) Area 1 only 3 Vault Custodian (Vault or Cash Safe) Area 1 and Area 2
4 ATM Custodian (ATM) Area 1 and Area 3 (ATM SHOULD BE ARMED AT ALL TIMES) 5 Janitorial (premise access only) Area 1 only 6 Maintenance (premise access only) Area 1 only
ZONES All Burglary Points Front door contacts Rear door contacts Motion detector
All Holdup Points Teller 1 HUB (hard wired) Teller 2 HUB (hard wired) Office 1 HUB (remote - wireless) Office 2 HUB (remote - wireless) Office 3 HUB (remote - wireless)
All Duress Points Keypad duress ATM duress
USER CODES 1 DURESS CODE 2-39 Branch Alarm Users Branch associates needing an alarm code 40 Janitorial Alarm code for the janitorial 50 Facilities Services Alarm code for the facility maintenance technicians 99 Alarm Technicians Alarm code for the Alarm Company technicians
500 Temporary Contractor Code Alarm code for contractor - premise only
Cameras
Camera Standards Type of cameras
Box, dome, interior, exterior Analog v. IP cameras
Cost, storage capacity, Areas needing coverage v. lenses
Mounting instructions (height, location, etc.) DVR, NVR, SD cards (IP cameras)
Storage capacity (GB v TB) Installation standards and directions Branch bandwidth needs v. camera bandwidth needs
Cameras
Viewing capabilities On-site v. remote capabilities
Transactional data Tied to camera image, access to customer data, real time v. daily
dump Health Monitoring User Management
Who can view your cameras? Procedures for subpoena request for video
Maintenance Managed Services Permitting
Cabling - Low voltage installation
Cameras Bank Name Branch Name Branch Address City, State, ZIP CODE
Video Vendor Video Installation Manager
Name of Video System Wire Run - Location Mounting Instructions
16 Camera System 13 Cameras 1 ATM Camera
1 ATM Camera 1 ATM Unit Yes Pre Installed Inside Unit
3 Exterior Cameras 2 Canopy Mount - ATM OV Yes Wall Mount - Pelco Outdoor Housing 3 Wall Mount - Night Drop OV Yes Wall Mount - Pelco Outdoor Housing 14 Wall Mount - Front Exit Shot Yes Wall Mount - Pelco Outdoor Housing
10 Interior Cameras 4 Inside Wall Teller Line 1 Yes Contract to build out box in wall 5 Inside Wall Teller Line 2 Yes teller line cameras installed in box 6 Inside Wall Teller Line 3 Yes " " 7 Wall Mount Teller Line OV Yes + or - 7' 6" No higher than 8' 8 Wall Mount NightDrop/Cash Vault Yes + or - 7' 6" No higher than 8' 9 Wall Mount Teller Work Room Yes + or - 7' 6" No higher than 8' 10 Dome Mounted (Lobby Overview) Yes Ceiling Mount 11 Wall Mount - Rear Exit Yes + or - 7' 6" No higher than 8' 12 Wall Mount - Front Exit (Door) Yes + or - 7' 6" No higher than 8' 13 Wall Mount - Front Exit (Door) Yes + or - 7' 6" No higher than 8'
Equipment Head End Server Room Rack Mounted
Type of Recording system Switch Port = IP address = Subnet mask = Gateway = Primary DNS = Secondary DNS = SMTP server = Email address where alerts should be sent = [email protected]
Notes: Rack Mounted unit Altronix HubWay 16CD
Security Packs
Security Packs Track Pack v. Dye Pack
Pros and Cons Costs Maintenance Notification Comfort Level
Access Control
Access Control Standards Define what access control is in your environment
Full blown access control system monitoring doors Simply locks that prevent unauthorized persons into areas
Access Control
Monitored Access Control Determine what type of system is needed Determine what doors need to have monitored access control Determine what type of lock is needed Determine what type of reader is needed Determine what type of card will be issued
Physical Security Training
Users Define who your users of Physical Security equipment are? Who manages your users?
Training Who trains the users on the Physical Security equipment?
How is it conducted? (Train the trainer, in person training, conference calls, WebEx, vendor training)
How often is it conducted?
Executive Protection
Risk Assessment Alarms Cameras Access Control Training
Physical Security
Questions???