Program & Risk Management Issues

Designing Physical Security in a Proportionate Manner

It is estimated that £1 million worth of equipment is stolen each year from UK construction sites. With this figure set to rise as a result of tough economic climes, and a host of other threats still extant, it is more important than ever to ensure construction sites are adequately protected. The following highlights key measures for each stage of the Project Security Management Cycle.


Early involvement is the first and most crucial aspect. At Black & Veatch, this is governed by clear project engagement protocols that require key stakeholders’ input and approval before a bid is submitted. Thus, security is integrated into a project from the start. This enables security solutions that minimise financial and operational impacts.

A common example is access control. Whilst such systems provide obvious security benefits, they can also perform cross-departmental functions. Booking in and out, for instance, can be used by human resources, the payroll department and operations management to provide accurate records for site safety requirements.

According to Toby Harding, Black & Veatch Regional Security Manager, “Many sites have individual systems for access control, time and attendance management, and fire protection. Often, however, one or more of these systems is capable of covering all three functions. Combining these reduces both initial purchase costs and maintenance and operational costs. Integrated systems also improve accountability and oversight, which improves security.”


The identification and analysis of risks can be fraught with complexity and conjecture. Put simply, risk analysis is the likelihood multiplied by the impact of an identified threat. This is the security risk manager’s “business case” and should be interrogated and quantified to ensure credibility and buy-in from project leaders.

Underpinning this is the threat assessment, which in its rudimentary form consists of identifying the low, medium and high threats. There are increasingly sophisticated tools to assist in such assessments.

For instance, UK police have recently produced an interactive map showing historic crimes by location. It is a useful tool, but should not be relied upon solely. Terrorism and single-issue extremism are often more subjective, as there is less historic evidence to help identify trends. Risk analysis tools can help, but their limitations need to be recognised.

According to John Kendall, Black & Veatch Global Security Manager, “They are a wise man’s guide, but a fool’s bible. There is no substitute for getting on the ground, assessing the area, speaking with locals, finding out for yourself and using your intuition.”


The assessment and selection of solutions is as complex and open to conjecture as the risk analysis phase, in part, because this is the most expensive stage of the process. With many solutions available, it is easy to see why some people are hesitant. A robust risk analysis, however, will help prioritise solutions proportionate to the threat.

Key considerations in this phase are not to rely on any one solution – whether that is closed-circuit TV (CCTV), manned guarding, or locks and physical barriers.

“When war-gaming through solutions, as an adversary, you will quickly realise that every measure can be defeated or circumnavigated,” Kendall said. “It is just a question of how long it takes. The best physical security solutions will not only delay, but deter, detect and deny.”

A carefully combined solution that is mutually supportive is often most effective. “We recently designed an integrated security system for a critical asset that combined intrusion detection, CCTV and access control. The result was a system providing confidence and clarity for control room staff,” Harding said.

With a manned guard costing approximately £81,000 per year, it is understandable why businesses look to technology. For example, a CCTV system may cost £100,000 to buy and operate in the first year, but only cost £20,000 to operate in subsequent years. Whereas, the cost of manned guarding would stay the same, if not increase.

The Project Security Management Cycle will help identify the operational requirements of a security system. Equally important, however, is how the system will be managed in an ongoing capacity. This means deciding who will hold ownership of the system, how will it fit into the site’s operation, and who will monitor and respond to alarms. Poor management and alarms being ignored due to a high false alarm rate, for example, can breed inherent distrust in the system.

Adversaries are constantly evolving and adapting. The key, both Kendall and Harding note, is staying one step ahead.

Story by Malcolm Hallsworth, Black & Veatch

  Subject Matter Experts:
  Toby Harding,